CDN versus edge compute use case distinction (was: Requesting reviews of draft-vanrein-httpauth-sasl)

Hi Paul,

(@all: I moved this into a separate thread, as a newcomer to this 
particular list I do not know is appropriate, but I do not think it is 
useful to continue diluting the responses to the original thread which had 
an actual action to them. And I apologise for diverting your attention from 
more important discussions, and for the length of my response to follow. 
Feel free to ignore, or to contact me directly should you wish to discuss 
further) 

> i don't think your attempt to define CDN is relevant. the companies selling 
> things under that umbrella are either leading or following the 
> market, rather 
> than consulting a dictionary to find our what business they are 
> in.

I certainly agree that market actors will gladly use and abuse any 
technical term as marketing terminology, no matter if it makes absolutely 
no sense or is even an outright lie. I have seen cable companies in our 
part of the planet deliver so called 'ADSL' services to consumers with a 
straight face, because 'their marketing department said that people 
associated that with fast internet'. The inability to make certificate 
providers see that a logo 'protected by SSL' is inadequate 'because people 
do not understand what TLS means' goes in the same direction.

I agree of course also that all relevant use cases, such as 
container-orchestration systems, need to be taken into account. This 
belongs back in the original thread.

That does not preclude us from having a working definition of different 
roles we see in the landscape. The word 'delivery' in CDN is rather key 
here, anything more than delivering is a fundamental change of role. I 
certainly do not claim the authoritity to write the ultimate definition of 
what a CDN actually is or is not, but having a temporary working definition 
helps to subsequently distinguish passive roles (i.e. a bit bucket for high 
volume assets one can fully replace even client side, as browser plugins 
like DecentralEyes prove) from actual active nodes at the edge which 'own' 
or 'originate' unique elements and processes present nowhere else (for 
which this is fundamentally not possible). 

The passive component is instantly exchangeable and thus tolerated inside a 
trusted computing base as long as that complies with the required level of 
security and privacy, but for sure it can also be easily removed or 
instantly swapped for use cases that are different - e.g. by a local or 
external proxy that caches the content before it reaches the CDN a second 
time. It is not fundamentally necessary to deploy CDNs either, and I 
personally avoid doing so. The active end point cannot be placed outside of 
the trusted computing base in any way, it does not have the mere role of 
delivery but is a data source or service component which is unique for the 
given situation. By virtue of that, use of such a service does leak 
information about the user base of a service to a another party. 

That is a meaningful and fundamental distinction, for which I am obviously 
happy to mentally link or retrofit into to any official definition you can 
point me to rather than me trying to crudely define it myself. Correct 
terminology matters a great deal, because it provides the linguistic 
surgery tools of our thinking. The abstract distinction between the two 
different roles is what matters to me.

To illustrate, this is perhaps in part analogous to how traditional postal 
companies deliver mail which may or may not have a sealed envelope around 
it (*), versus fulfillment companies which actually do personalised mass 
mail merges and print and compile those sealed envelopes based on full 
access to their content as well. All postal companies offer fulfillment 
services, and all fulfillment services get your mail to some delivery 
company - which may be a traditional postal service or an alternative 
network of smaller delivery companies (or even a postal delivery robot as 
we saw recently). 

(*) envelopes are not always closed and postal service deliver unprotected 
postcards and print too, of course, and with enough equipment letters can 
be looked into without opening them.

If you use such a combined service, the end result is the same whichever 
operator you use. Economically, on the outside when looking at all of them 
as 'one stop' service providers it is indeed a group of actors delivering a 
similar set of services. 

But of course, a significant part of regular mail is not done through 
fulfillment. If I (or the tax office) want to send you a confidential 
letter with say access credentials, we write or print a letter ourselves 
and carefully seal a scan-proof envelope, and just use the delivery 
channel. I have no need to use a third party fulfillment service, and it 
would be unwise in terms of operational security as it vastly increases the 
attack surface. Delivering traditional mail with a sealed envelope is the 
core service which is only available from the postal company and its 
competitors in the delivery realm. This does not require a full transfer of 
trust, the delivery company does not per se have the sender nor the 
contents of the mail delivered - as long as there are enough stamps and the 
envelope is adequately sealed. I can easily replace the delivery company 
with say a courier, or deliver it myself if I hire people. 

Fulfillment (like edge computing) is a different role from delivery, as the 
content or service delived by the edge node (like the postal piece) would 
just not exist. It is outsourcing core functionality. My reason to reply to 
the original thread was that the traditional CDN role can take place fully 
without authentication (even by pushing it to another subdomain), and 
therefore is not that relevant to consider. The edge compute case is 
indistinguishable from the cloud provider case, which is fully in scope - 
but I believe that has been taken into account and should not be an issue. 

As mentioned above, apologies for the lenghty reply. I am happy to continue 
this argument offline, since it sparked off a remark made by me. But we all 
have better and more urgent things to do. I wanted to clarify since asked, 
and hope there is nothing controversial in my reply that makes it necessary 
to continues this thread.

Have a great day,
Michiel

Received on Friday, 15 May 2020 08:13:54 UTC