draft-ietf-cdni-logging-23.txt   draft-ietf-cdni-logging-24.txt 
Internet Engineering Task Force F. Le Faucheur, Ed. Internet Engineering Task Force F. Le Faucheur, Ed.
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track G. Bertrand, Ed. Intended status: Standards Track G. Bertrand, Ed.
Expires: September 19, 2016 Orange Expires: October 3, 2016 Orange
I. Oprescu, Ed. I. Oprescu, Ed.
R. Peterkofsky R. Peterkofsky
Google Inc. Google Inc.
March 18, 2016 April 1, 2016
CDNI Logging Interface CDNI Logging Interface
draft-ietf-cdni-logging-23 draft-ietf-cdni-logging-24
Abstract Abstract
This memo specifies the Logging interface between a downstream CDN This memo specifies the Logging interface between a downstream CDN
(dCDN) and an upstream CDN (uCDN) that are interconnected as per the (dCDN) and an upstream CDN (uCDN) that are interconnected as per the
CDN Interconnection (CDNI) framework. First, it describes a CDN Interconnection (CDNI) framework. First, it describes a
reference model for CDNI logging. Then, it specifies the CDNI reference model for CDNI logging. Then, it specifies the CDNI
Logging File format and the actual protocol for exchange of CDNI Logging File format and the actual protocol for exchange of CDNI
Logging Files. Logging Files.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 19, 2016. This Internet-Draft will expire on October 3, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 36 skipping to change at page 2, line 36
2.2.5.3. Analytics and Reporting . . . . . . . . . . . . . 13 2.2.5.3. Analytics and Reporting . . . . . . . . . . . . . 13
2.2.5.4. Content Protection . . . . . . . . . . . . . . . 13 2.2.5.4. Content Protection . . . . . . . . . . . . . . . 13
2.2.5.5. Notions common to multiple Log Consuming 2.2.5.5. Notions common to multiple Log Consuming
Applications . . . . . . . . . . . . . . . . . . 14 Applications . . . . . . . . . . . . . . . . . . 14
3. CDNI Logging File . . . . . . . . . . . . . . . . . . . . . . 16 3. CDNI Logging File . . . . . . . . . . . . . . . . . . . . . . 16
3.1. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.1. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.2. CDNI Logging File Structure . . . . . . . . . . . . . . . 17 3.2. CDNI Logging File Structure . . . . . . . . . . . . . . . 17
3.3. CDNI Logging Directives . . . . . . . . . . . . . . . . . 20 3.3. CDNI Logging Directives . . . . . . . . . . . . . . . . . 20
3.4. CDNI Logging Records . . . . . . . . . . . . . . . . . . 24 3.4. CDNI Logging Records . . . . . . . . . . . . . . . . . . 24
3.4.1. HTTP Request Logging Record . . . . . . . . . . . . . 25 3.4.1. HTTP Request Logging Record . . . . . . . . . . . . . 25
3.5. CDNI Logging File Extension . . . . . . . . . . . . . . . 35 3.5. CDNI Logging File Extension . . . . . . . . . . . . . . . 36
3.6. CDNI Logging File Example . . . . . . . . . . . . . . . . 36 3.6. CDNI Logging File Example . . . . . . . . . . . . . . . . 36
3.7. Cascaded CDNI Logging Files Example . . . . . . . . . . . 38 3.7. Cascaded CDNI Logging Files Example . . . . . . . . . . . 38
4. Protocol for Exchange of CDNI Logging File After Full 4. Protocol for Exchange of CDNI Logging File After Full
Collection . . . . . . . . . . . . . . . . . . . . . . . . . 41 Collection . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.1. CDNI Logging Feed . . . . . . . . . . . . . . . . . . . . 42 4.1. CDNI Logging Feed . . . . . . . . . . . . . . . . . . . . 42
4.1.1. Atom Formatting . . . . . . . . . . . . . . . . . . . 42 4.1.1. Atom Formatting . . . . . . . . . . . . . . . . . . . 42
4.1.2. Updates to Log Files and the Feed . . . . . . . . . . 42 4.1.2. Updates to Log Files and the Feed . . . . . . . . . . 42
4.1.3. Redundant Feeds . . . . . . . . . . . . . . . . . . . 43 4.1.3. Redundant Feeds . . . . . . . . . . . . . . . . . . . 43
4.1.4. Example CDNI Logging Feed . . . . . . . . . . . . . . 43 4.1.4. Example CDNI Logging Feed . . . . . . . . . . . . . . 43
4.2. CDNI Logging File Pull . . . . . . . . . . . . . . . . . 45 4.2. CDNI Logging File Pull . . . . . . . . . . . . . . . . . 45
skipping to change at page 26, line 24 skipping to change at page 26, line 24
* field value: the date at which the processing of request * field value: the date at which the processing of request
completed on the Surrogate. completed on the Surrogate.
* occurrence: there MUST be one and only one instance of this * occurrence: there MUST be one and only one instance of this
field. field.
o time: o time:
* format: TIME * format: TIME
* field value: the time at which the processing of request * field value: the time, expressed in Coordinated Universal Time
completed on the Surrogate. (UTC), at which the processing of request completed on the
Surrogate.
* occurrence: there MUST be one and only one instance of this * occurrence: there MUST be one and only one instance of this
field. field.
o time-taken: o time-taken:
* format: DEC * format: DEC
* field value: decimal value of the duration, in seconds, between * field value: decimal value of the duration, in seconds, between
the start of the processing of the request and the completion the start of the processing of the request and the completion
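Review bot: The date field directly above time is left without a time zone: it still reads "the date at which the processing of request completed on the Surrogate", while time is now pinned to UTC. Unless the DATE format fixes the zone elsewhere, a request completing near midnight can be logged with a date and a time taken from different zones, which breaks correlation of records across CDNs. Suggest adding the same "expressed in Coordinated Universal Time (UTC)" wording to the date field value in this change.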
skipping to change at page 34, line 25 skipping to change at page 34, line 25
File can therefore represent a significant increase in risk both for File can therefore represent a significant increase in risk both for
the user and the web service provider, but also for the CDNs the user and the web service provider, but also for the CDNs
involved. Implementations ought therefore to attempt to lower the involved. Implementations ought therefore to attempt to lower the
probability of such bad outcomes e.g. by only allowing a configured probability of such bad outcomes e.g. by only allowing a configured
set of headers to be added to CDNI Logging Records, or by not set of headers to be added to CDNI Logging Records, or by not
supporting wildcard selection of HTTP request/response fields to add. supporting wildcard selection of HTTP request/response fields to add.
Such mechanisms can reduce the probability that security (or privacy) Such mechanisms can reduce the probability that security (or privacy)
sensitive values are centralised in CDNI Logging Files. Also, when sensitive values are centralised in CDNI Logging Files. Also, when
agreeing on which HTTP request/response fields are to be provided in agreeing on which HTTP request/response fields are to be provided in
CDNI Logging Files, the uCDN and dCDN administrators ought to CDNI Logging Files, the uCDN and dCDN administrators ought to
consider these risks. consider these risks. Furthermore, CDNs making use of c-groupid to
identify an aggregate of clients rather than individual clients ought
to realize that by logging certain header fields they may create the
possibility to re-identify individual clients. In these cases
heeding the above advice, or not logging header fields at all, is
particularly important if the goal is to provide logs that do not
identify individual clients."
A dCDN-side implementation of the CDNI Logging interface MUST A dCDN-side implementation of the CDNI Logging interface MUST
implement all the following Logging fields in a CDNI Logging Record implement all the following Logging fields in a CDNI Logging Record
of record-type "cdni_http_request_v1", and MUST support the ability of record-type "cdni_http_request_v1", and MUST support the ability
to include valid values for each of them: to include valid values for each of them:
o date o date
o time o time
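Review bot: The added paragraph ends with a stray closing quotation mark after "identify individual clients." and no opening quote is visible in the new text, so it looks like a paste artifact and should be dropped. The phrase "certain header fields" also leaves an implementer unable to tell which logged fields undo the aggregation that c-groupid provides; naming an example or stating the property that makes a field re-identifying would make the advice actionable.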
skipping to change at page 51, line 47 skipping to change at page 51, line 47
CDN) CDN)
o the CDNI Logging information to be transmitted with o the CDNI Logging information to be transmitted with
confidentiality confidentiality
o the integrity of the CDNI Logging information to be protected o the integrity of the CDNI Logging information to be protected
during the exchange. during the exchange.
In an environment where any such protection is required, mutually In an environment where any such protection is required, mutually
authenticated encrypted transport MUST be used to ensure authenticated encrypted transport MUST be used to ensure
confidentiality of the logging information. To that end, TLS MUST be confidentiality of the logging information, and to do so, TLS MUST be
used (including authentication of the remote end) by the server-side used (including authentication of the remote end) by the server-side
and the client-side of the CDNI Logging feed, as well as the server- and the client-side of the CDNI Logging feed, as well as the server-
side and the client-side of the CDNI Logging File pull mechanism. side and the client-side of the CDNI Logging File pull mechanism.
When TLS is used, the general TLS usage guidance in [RFC7525] MUST be When TLS is used, the general TLS usage guidance in [RFC7525] MUST be
followed. followed.
The SHA256-hash directive inside the CDNI Logging File provides The SHA256-hash directive inside the CDNI Logging File provides
additional integrity protection, this time targeting potential additional integrity protection, this time targeting potential
corruption of the CDNI logging information during the CDNI Logging corruption of the CDNI logging information during the CDNI Logging
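Review bot: The merged sentence now ties the TLS requirement to confidentiality only ("to ensure confidentiality of the logging information, and to do so, TLS MUST be used"), although the bullet list just above also names integrity protection during the exchange as a condition that triggers it. A reader could conclude that TLS is mandated only when confidentiality is wanted. Suggest wording the purpose to cover every listed property, for example "to ensure authentication, confidentiality and integrity of the logging information", or dropping the purpose clause so the MUST applies whenever "any such protection is required".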
skipping to change at page 56, line 12 skipping to change at page 56, line 12
<http://www.iana.org/assignments/character-sets/ <http://www.iana.org/assignments/character-sets/
character-sets.xml>. character-sets.xml>.
[ELF] Phillip M. Hallam-Baker, and Brian Behlendorf, "Extended [ELF] Phillip M. Hallam-Baker, and Brian Behlendorf, "Extended
Log File Format, W3C (work in progress), WD-logfile- Log File Format, W3C (work in progress), WD-logfile-
960323", <http://www.w3.org/TR/WD-logfile.html>. 960323", <http://www.w3.org/TR/WD-logfile.html>.
[I-D.ietf-cdni-metadata] [I-D.ietf-cdni-metadata]
Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma, Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma,
"CDN Interconnection Metadata", draft-ietf-cdni- "CDN Interconnection Metadata", draft-ietf-cdni-
metadata-12 (work in progress), October 2015. metadata-13 (work in progress), March 2016.
[I-D.ietf-tls-rfc5246-bis] [I-D.ietf-tls-rfc5246-bis]
Dierks, T. and E. Rescorla, "The Transport Layer Security Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.3", draft-ietf-tls-rfc5246-bis-00 (TLS) Protocol Version 1.3", draft-ietf-tls-rfc5246-bis-00
(work in progress), April 2014. (work in progress), April 2014.
[I-D.snell-atompub-link-extensions] [I-D.snell-atompub-link-extensions]
Snell, J., "Atom Link Extensions", draft-snell-atompub- Snell, J., "Atom Link Extensions", draft-snell-atompub-
link-extensions-09 (work in progress), June 2012. link-extensions-09 (work in progress), June 2012.
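Review bot: Only [I-D.ietf-cdni-metadata] is refreshed here, while the [I-D.ietf-tls-rfc5246-bis] entry immediately below it still cites revision -00 dated April 2014. Since the security section makes TLS a MUST, it is worth checking in the same pass that this entry still points at the current TLS 1.3 draft and updating it if not.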
 End of changes. 9 change blocks. 
10 lines changed or deleted 17 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/