--- rfc9677v1.txt
+++ rfc9677.txt

Internet Engineering Task Force (IETF)                          F. Fieau
Request for Comments: 9677                                    E. Stephan
Category: Standards Track                                         Orange
-ISSN: 2070-1721                                             G. Guillaume
-                                                            C. Christoph
+ISSN: 2070-1721                                               G. Bichot
+                                                              C. Neumann
                                                               Broadpeak
                                                            October 2024

 Content Delivery Network Interconnection (CDNI) Metadata for Delegated
                                Credentials

Abstract

   The delivery of content over HTTPS involving multiple Content
   Delivery Networks (CDNs) raises credential management issues.  This

skipping to change at line 192

   delegated credential and deploy it on multiple endpoints.
   Alternatively, the dCDN MAY deploy a different delegated credential
   for each endpoint (provided that the uCDN delivers enough different
   delegated credentials).  This choice is at the discretion of the dCDN
   and depends on the number of delegated credentials provided by the
   uCDN.

   The FCI.DelegationCredentials object does not address expiry or
   renewal of delegated credentials.  Once the uCDN has provided
   delegated credentials via the MI, the uCDN SHOULD monitor the
-  provided credentials and their expiry times and timely refresh dCDN
-  credentials via the MI.  The uCDN may decide not to monitor the
-  validity period of delegated credentials and not to refresh the
-  credentials, for example, in cases of short-term one-shot deployments
-  or once it has decided to deprovision a dCDN.  If the delegated
-  credential is not renewed on time by the uCDN, the servers of the
-  dCDN that only have expired delegated credentials MUST refuse any new
-  TLS connection that requires an up-to-date delegated credential.
+  provided credentials and their expiry times and SHOULD refresh dCDN
+  credentials via the MI in a timely manner.  The uCDN may decide not
+  to monitor the validity period of delegated credentials and not to
+  refresh the credentials, for example, in cases of short-term one-shot
+  deployments or once it has decided to deprovision a dCDN.  If the
+  delegated credential is not renewed on time by the uCDN, the servers
+  of the dCDN that only have expired delegated credentials MUST refuse
+  any new TLS connection that requires an up-to-date delegated
+  credential.

4.  CDNI Metadata Interface (MI) Metadata Object for Delegated
    Credentials

   As expressed in [RFC9345], when an uCDN has delegated to a dCDN, the
   dCDN presents the "delegated_credential" (rather than its own
   certificate) during the TLS handshake [RFC8446] to the User Agent.
   This implies that the dCDN is also in the possession of the private
   key corresponding to the public key in DelegatedCredential.cred
   [RFC9345].  This allows the User Agent to verify the signature in a
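Review bot: the object name "FCI.DelegationCredentials" at the start of the expiry/renewal paragraph is left unchanged by this change block, yet every other mention of that object in the document (Section 4, Figure 1, Section 7) spells it "FCI.DelegatedCredentials"; since the block already touches this paragraph, the name should be aligned at the same time. The rewording itself is an improvement: the old single "SHOULD monitor ... and timely refresh" is now two separately testable obligations, "SHOULD monitor" and "SHOULD refresh ... in a timely manner".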
skipping to change at line 261 (rfc9677v1.txt) / 262 (rfc9677.txt)

   constraints regarding the usage of the private key.

   If the private-key property is used, the transported private key MUST
   be encrypted using the PrivateKeyEncryptionKey specified in
   FCI.DelegatedCredentials.  The envelope format for this property MUST
   use JWE [RFC7516] using the base64 compact serialization (Section 7.1
   of [RFC7516]), whereas the private key is included as JWE Ciphertext
   in the JWE.  The JWE content-type field MAY be used to signal the
   media type of the encrypted key.

-  Below, please see an example of an MI.DelegatedCredential object.
+  Below, please see an example of an MI.DelegatedCredentials object.

   {
     "generic-metadata-type": "MI.DelegatedCredentials",
     "generic-metadata-value": {
       "delegated-credentials": [
         {"delegated-credential":
           "cBBfm8KK6pPz/tdgKyedwA...
            iXCCIAmzMM0R8FLI3Ba0UQ=="},
         {"delegated-credential":
           "4pyIGtjFdys1+9y/4sS/Fg...

skipping to change at line 287 (rfc9677v1.txt) / 288 (rfc9677.txt)

     }
   }
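The expiry rule of Section 3 (servers holding only expired delegated credentials MUST refuse new TLS connections that need a current one), the JWE requirement of Section 4 for a transported private key, and the MI.DelegatedCredentials object shown above can all be checked mechanically on the receiving dCDN. The following Python is an added example written for this page; it is not code from the RFC or from any CDNI implementation. It parses the RFC 9345 DelegatedCredential wire structure carried in each "delegated-credential" value, derives each credential's expiry as the end-entity certificate's notBefore plus valid_time, rejects credentials whose validity exceeds the 7-day cap of RFC 9345, and checks that an accompanying private key is a five-part JWE compact serialization whose protected header names alg and enc. Assumptions: the private key is carried in a member named "private-key" (the excerpt only says "private-key property", so that name is assumed); the SPKI, signature and JWE parts in the sample object are constructed placeholders; 0x0403 is the TLS SignatureScheme value for ecdsa_secp256r1_sha256; the "cty" value application/pkcs8 is just an illustrative media type. The example does not verify the credential's signature and cannot check PrivateKeyEncryptionKey strength without decrypting.

```python
import base64
import json
import struct
from datetime import datetime, timedelta, timezone

# RFC 9345 caps a delegated credential's validity at 7 days, counted from the
# end-entity certificate's notBefore; valid_time is that offset in seconds.
MAX_VALIDITY = timedelta(days=7)


def parse_delegated_credential(blob: bytes) -> dict:
    """Parse the RFC 9345 DelegatedCredential wire structure (uint32 valid_time,
    uint16 expected_cert_verify_algorithm, 3-byte-length-prefixed SPKI,
    uint16 algorithm, 2-byte-length-prefixed signature).  No signature check."""
    if len(blob) < 9:
        raise ValueError("truncated DelegatedCredential")
    valid_time, expected_alg = struct.unpack(">IH", blob[:6])
    spki_len = int.from_bytes(blob[6:9], "big")
    spki = blob[9:9 + spki_len]
    if spki_len == 0 or len(spki) != spki_len:
        raise ValueError("bad SubjectPublicKeyInfo length")
    off = 9 + spki_len
    if len(blob) < off + 4:
        raise ValueError("truncated signature block")
    algorithm, sig_len = struct.unpack(">HH", blob[off:off + 4])
    signature = blob[off + 4:off + 4 + sig_len]
    if len(signature) != sig_len or off + 4 + sig_len != len(blob):
        raise ValueError("bad signature length or trailing bytes")
    return {"valid_time": valid_time, "expected_cert_verify_algorithm": expected_alg,
            "spki": spki, "algorithm": algorithm, "signature": signature}


def encode_delegated_credential(valid_time, expected_alg, spki, algorithm, signature):
    """Inverse of parse_delegated_credential; used only to build the constructed sample."""
    return (struct.pack(">IH", valid_time, expected_alg) + len(spki).to_bytes(3, "big")
            + spki + struct.pack(">HH", algorithm, len(signature)) + signature)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_private_key_envelope(jwe: str) -> dict:
    """Section 4: a transported private key MUST be a JWE compact serialization
    (RFC 7516, Section 7.1): five base64url parts, the first a protected header
    naming alg and enc.  Returns the decoded header ('cty' is optional)."""
    parts = jwe.split(".")
    if len(parts) != 5:
        raise ValueError("private key is not a JWE compact serialization")
    header = json.loads(_b64url_decode(parts[0]))
    if "alg" not in header or "enc" not in header:
        raise ValueError("JWE protected header lacks alg or enc")
    return header


def evaluate_mi_object(mi_object: dict, cert_not_before: datetime, now: datetime) -> list:
    """Classify each credential as 'usable', 'expired' or 'rejected' (over the 7-day cap)
    and validate any private-key envelope.  The member name 'private-key' is assumed."""
    if mi_object.get("generic-metadata-type") != "MI.DelegatedCredentials":
        raise ValueError("not an MI.DelegatedCredentials object")
    results = []
    for entry in mi_object["generic-metadata-value"]["delegated-credentials"]:
        dc = parse_delegated_credential(base64.b64decode(entry["delegated-credential"]))
        lifetime = timedelta(seconds=dc["valid_time"])
        expiry = cert_not_before + lifetime
        status = "rejected" if lifetime > MAX_VALIDITY else "expired" if expiry <= now else "usable"
        if "private-key" in entry:
            check_private_key_envelope(entry["private-key"])
        results.append({"expiry": expiry, "status": status})
    return results


def must_refuse_new_connections(results: list) -> bool:
    """Section 3: a server holding only expired delegated credentials MUST refuse
    any new TLS connection that requires an up-to-date delegated credential."""
    return not any(r["status"] == "usable" for r in results)


def constructed_sample() -> dict:
    """Constructed MI.DelegatedCredentials object (placeholder SPKI, signature and
    JWE parts): a 3-day credential with a wrapped key and a 10-day one over the cap."""
    spki, sig, ecdsa_p256 = b"\x30\x0c" + b"\x00" * 12, b"\x00" * 8, 0x0403
    header = {"alg": "RSA-OAEP-256", "enc": "A256GCM", "cty": "application/pkcs8"}
    jwe = ".".join(_b64url(p) for p in (json.dumps(header).encode(), b"wrapped-key",
                                        b"iv", b"ciphertext", b"tag"))

    def cred(days: int) -> str:
        raw = encode_delegated_credential(days * 86400, ecdsa_p256, spki, ecdsa_p256, sig)
        return base64.b64encode(raw).decode()

    return {"generic-metadata-type": "MI.DelegatedCredentials",
            "generic-metadata-value": {"delegated-credentials": [
                {"delegated-credential": cred(3), "private-key": jwe},
                {"delegated-credential": cred(10)}]}}


def sample_report(now_day: int) -> tuple:
    """Evaluate the constructed sample on 2024-10-<now_day>, with the end-entity
    certificate's notBefore fixed at 2024-10-01 00:00 UTC."""
    not_before = datetime(2024, 10, 1, tzinfo=timezone.utc)
    res = evaluate_mi_object(constructed_sample(), not_before,
                             datetime(2024, 10, now_day, tzinfo=timezone.utc))
    return [r["status"] for r in res], must_refuse_new_connections(res)


if __name__ == "__main__":
    for day in (2, 5):  # day 2: the 3-day credential is usable; day 5: it has expired
        print(day, sample_report(day))
```

Run stand-alone, the script shows the transition the RFC describes: on 2024-10-02 the 3-day credential is usable and the server may keep accepting connections, while on 2024-10-05 only expired or over-cap credentials remain and must_refuse_new_connections returns True, which is the point at which the uCDN's refresh via the MI (step 6 of Figure 1) must already have happened.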
5.  Delegated Credentials Call Flow

   An example call-flow using delegated credentials is depicted in
   Figure 1.  The steps are as follows.

   1.  It is assumed that the uCDN has been provisioned and configured
       with a certificate.  Note that it is out of scope of CDNI and the
-      present document how and from where (e.g., Content Service
+      present document how and from where (e.g., which Content Service
       Provider) the uCDN acquired its certificate.

   2.  The uCDN generates a set of delegated credentials (here it is
       assumed that public keys of the dCDN are known).  Note that the
       uCDN may generate this material at different points in time,
       e.g., in advance to have a pool of delegated credentials or on
       demand when the dCDN announces its maximum number of supported
       delegated credentials.

   3.  Using the CDNI FCI [RFC8008], the dCDN advertises

skipping to change at line 329 (rfc9677v1.txt) / 330 (rfc9677.txt)

   |                     |  [2. generation of
   |                     |   delegated credentials]
   |                     |                     |
   |      3. CDNI FCI used to
   |      advertise support of MI.DelegatedCredentials
   |      and announce number of delegated credentials
   |      supported using FCI.DelegatedCredentials
   |                     |-------------------->+
   |                     |                     |
   |      4. CDNI MI used to
-  |      provide the MI.DelegatedCredential object
+  |      provide the MI.DelegatedCredentials object
   |                     |<--------------------+
   |                     |                     |
   .
   .
   .
   [5. TLS handshake according                 |
    to [RFC9345]]        .                     |
   |<------------------->|                     |
   |                     |                     |
   .
   .
   .
   |      6. Some delegated credentials about to expire.
   |         CDNI MI used to
-  |         provide new MI.DelegatedCredential object
+  |         provide new MI.DelegatedCredentials object
   |                     |<--------------------+
   |                     |                     |

   Figure 1: Example Call Flow of Delegated Credentials in CDNI

6.  IANA Considerations

   IANA has registered the following payload types in the "CDNI Payload
   Types" registry in the "Content Delivery Network Interconnection
   (CDNI) Parameters" registry group.

skipping to change at line 404 (rfc9677v1.txt) / 405 (rfc9677.txt)

   requires access to the private key in order to exploit a delegated
   credential and impersonate dCDN nodes.  Thus, leakage of only the
   delegated credential without the private key represents a limited
   security risk.

   Delegated credentials and associated private keys are short-lived
   (per default, the maximum validity period is set to 7 days in
   [RFC9345]) and as such a single leaked delegated credential with its
   private key represents a limited security risk.  Still, it is NOT
   RECOMMENDED to send private keys through the MI.  Omitting the
-  private key further limits the possibility exploits by an attacker to
-  exploit the delegated credential.
+  private key further limits the possible ways an attacker could
+  exploits the delegated credential.

   If this recommendation is not followed, i.e., the private key is
   communicated via the MI, the transported private key MUST be
   encrypted within a JWE envelope using the encryption key
   (PrivateKeyEncryptionKey) provided within the
   FCI.DelegatedCredentials by the dCDN.  The JWE encryption key
   (PrivateKeyEncryptionKey) MUST have a strength equal to or larger
   than the private key it is encrypting for transport.  Note that the
   specified encryption method does not offer forward secrecy.  If the
   dCDN's encryption key becomes compromised in the future, then all
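Review bot: the replacement sentence in the Security Considerations block has a subject-verb error: "the possible ways an attacker could exploits the delegated credential" should read "could exploit". The old wording ("the possibility exploits by an attacker to exploit") was also ungrammatical, so replacing it is right, but the new line still needs "exploit".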
skipping to change at line 435 (rfc9677v1.txt) / 436 (rfc9677.txt)

   secure these interfaces, protecting the integrity and
   confidentiality, as well as ensuring the authenticity of the dCDN and
   uCDN, which should prevent an attacker from systematically retrieving
   delegated credentials and associated private keys.

8.  Privacy Considerations

   The FCI and MI objects and the information defined in the present
   document do not contain any personally identifiable information
   (PII).  As such, this document does not change or alter the
-  Confidentiality and Privacy Consideration outlined in the CDNI
-  Metadata and Footprint and Capabilities RFCs [RFC8006].
+  confidentiality and privacy considerations outlined in Section 8.2 of
+  [RFC8006] and Section 7 of [RFC8008].

   A single or systematic retrieval of delegated credentials and
   associated private keys would allow the attacker to decrypt any data
   sent by the end user intended for the end service, which may include
   PII.

9.  References

9.1.  Normative References

End of changes.  8 change blocks.  18 lines changed or deleted, 19 lines changed or added.

This html diff was produced by rfcdiff 1.48.