draft-ietf-cdni-logging-10.txt   draft-ietf-cdni-logging-11.txt 
Internet Engineering Task Force F. Le Faucheur, Ed. Internet Engineering Task Force F. Le Faucheur, Ed.
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track G. Bertrand, Ed. Intended status: Standards Track G. Bertrand, Ed.
Expires: September 4, 2014 I. Oprescu, Ed. Expires: September 26, 2014 I. Oprescu, Ed.
Orange Orange
R. Peterkofsky R. Peterkofsky
Skytide, Inc. Skytide, Inc.
March 3, 2014 March 25, 2014
CDNI Logging Interface CDNI Logging Interface
draft-ietf-cdni-logging-10 draft-ietf-cdni-logging-11
Abstract Abstract
This memo specifies the Logging interface between a downstream CDN This memo specifies the Logging interface between a downstream CDN
(dCDN) and an upstream CDN (uCDN) that are interconnected as per the (dCDN) and an upstream CDN (uCDN) that are interconnected as per the
CDN Interconnection (CDNI) framework. First, it describes a CDN Interconnection (CDNI) framework. First, it describes a
reference model for CDNI logging. Then, it specifies the CDNI reference model for CDNI logging. Then, it specifies the CDNI
Logging File format and the actual protocol for exchange of CDNI Logging File format and the actual protocol for exchange of CDNI
Logging Files. Logging Files.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 4, 2014. This Internet-Draft will expire on September 26, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 36 skipping to change at page 2, line 36
2.2.5.4. Security . . . . . . . . . . . . . . . . . . . . 13 2.2.5.4. Security . . . . . . . . . . . . . . . . . . . . 13
2.2.5.5. Legal Logging Duties . . . . . . . . . . . . . . 13 2.2.5.5. Legal Logging Duties . . . . . . . . . . . . . . 13
2.2.5.6. Notions common to multiple Log Consuming 2.2.5.6. Notions common to multiple Log Consuming
Applications . . . . . . . . . . . . . . . . . . 13 Applications . . . . . . . . . . . . . . . . . . 13
3. CDNI Logging File . . . . . . . . . . . . . . . . . . . . . . 15 3. CDNI Logging File . . . . . . . . . . . . . . . . . . . . . . 15
3.1. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.1. Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2. CDNI Logging File Structure . . . . . . . . . . . . . . . 16 3.2. CDNI Logging File Structure . . . . . . . . . . . . . . . 16
3.3. CDNI Logging File Directives . . . . . . . . . . . . . . 19 3.3. CDNI Logging File Directives . . . . . . . . . . . . . . 19
3.4. CDNI Logging Records . . . . . . . . . . . . . . . . . . 22 3.4. CDNI Logging Records . . . . . . . . . . . . . . . . . . 22
3.4.1. HTTP Request Logging Record . . . . . . . . . . . . . 23 3.4.1. HTTP Request Logging Record . . . . . . . . . . . . . 23
3.5. CDNI Logging File Example . . . . . . . . . . . . . . . . 31 3.5. CDNI Logging File Example . . . . . . . . . . . . . . . . 32
4. CDNI Logging File Exchange Protocol . . . . . . . . . . . . . 32 4. CDNI Logging File Exchange Protocol . . . . . . . . . . . . . 32
4.1. CDNI Logging Feed . . . . . . . . . . . . . . . . . . . . 33 4.1. CDNI Logging Feed . . . . . . . . . . . . . . . . . . . . 33
4.1.1. Atom Formatting . . . . . . . . . . . . . . . . . . . 33 4.1.1. Atom Formatting . . . . . . . . . . . . . . . . . . . 33
4.1.2. Updates to Log Files and the Feed . . . . . . . . . . 33 4.1.2. Updates to Log Files and the Feed . . . . . . . . . . 34
4.1.3. Redundant Feeds . . . . . . . . . . . . . . . . . . . 34 4.1.3. Redundant Feeds . . . . . . . . . . . . . . . . . . . 34
4.1.4. Example CDNI Logging Feed . . . . . . . . . . . . . . 34 4.1.4. Example CDNI Logging Feed . . . . . . . . . . . . . . 35
4.2. CDNI Logging File Pull . . . . . . . . . . . . . . . . . 36 4.2. CDNI Logging File Pull . . . . . . . . . . . . . . . . . 37
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38
5.1. CDNI Logging Directive Names Registry . . . . . . . . . . 37 5.1. CDNI Logging Directive Names Registry . . . . . . . . . . 38
5.2. CDNI Logging Record-Types Registry . . . . . . . . . . . 38 5.2. CDNI Logging Record-Types Registry . . . . . . . . . . . 39
5.3. CDNI Logging Field Names Registry . . . . . . . . . . . . 39 5.3. CDNI Logging Field Names Registry . . . . . . . . . . . . 40
5.4. CDNI Logging MIME Media Type . . . . . . . . . . . . . . 40 5.4. CDNI Logging MIME Media Type . . . . . . . . . . . . . . 41
6. Security Considerations . . . . . . . . . . . . . . . . . . . 40 6. Security Considerations . . . . . . . . . . . . . . . . . . . 41
6.1. Authentication, Confidentiality, Integrity Protection . . 40 6.1. Authentication, Confidentiality, Integrity Protection . . 41
6.2. Denial of Service . . . . . . . . . . . . . . . . . . . . 41 6.2. Denial of Service . . . . . . . . . . . . . . . . . . . . 42
6.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 41 6.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 42
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 42 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 42 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 44
8.1. Normative References . . . . . . . . . . . . . . . . . . 42 8.1. Normative References . . . . . . . . . . . . . . . . . . 44
8.2. Informative References . . . . . . . . . . . . . . . . . 43 8.2. Informative References . . . . . . . . . . . . . . . . . 44
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction 1. Introduction
This memo specifies the CDNI Logging interface between a downstream This memo specifies the CDNI Logging interface between a downstream
CDN (dCDN) and an upstream CDN (uCDN). First, it describes a CDN (dCDN) and an upstream CDN (uCDN). First, it describes a
reference model for CDNI logging. Then, it specifies the CDNI reference model for CDNI logging. Then, it specifies the CDNI
Logging File format and the actual protocol for exchange of CDNI Logging File format and the actual protocol for exchange of CDNI
Logging Files. Logging Files.
The reader should be familiar with the following documents: The reader should be familiar with the following documents:
skipping to change at page 23, line 44 skipping to change at page 23, line 44
FIEVAL = <CDNI Logging Field value> FIEVAL = <CDNI Logging Field value>
<CDNI Logging Record> = FIEVAL *<HTAB FIEVAL> ; where FIEVAL <CDNI Logging Record> = FIEVAL *<HTAB FIEVAL> ; where FIEVAL
contains the CDNI Logging field values corresponding to the CDNI contains the CDNI Logging field values corresponding to the CDNI
Logging field names (FIENAME) listed is the last Fields directive Logging field names (FIENAME) listed is the last Fields directive
predecing the present CDNI Logging Record. predecing the present CDNI Logging Record.
3.4.1. HTTP Request Logging Record 3.4.1. HTTP Request Logging Record
The HTTP Request Logging Record is a CDNI Logging Record of Record- This section defines the CDNI Logging Record of Record-Type
Type "cdni_http_request_v1". It contains the following CDNI Logging "cdni_http_request_v1". It is applicable to content delivery
Fields, listed by their field name: performed by the dCDN using HTTP/1.0([RFC1945]), HTTP/1.1([RFC2616])
or HTTPS ([RFC2818]). We observe that, in the case of HTTPS
delivery, there may be value in logging additional information
specific to the operation of HTTP over TLS and we note that this is
outside the scope of the present document and may be addressed in a
future document defining another CDNI Logging Record or another
version of the HTTP Request Logging Record.
The "cdni_http_request_v1" Record-Type is also expected to be
applicable to HTTP/2.0 [I-D.ietf-httpbis-http2] (which is still under
development at the time of writing the present document) since a
fundamental design tenet of HTTP/2.0 is to preserve the HTTP/1.1
semantics. We observe that, in the case of HTTP/2.0 delivery, there
may be value in logging additional information specific to the
additional functionality of HTTP/2.0 (e.g. information related to
connection identification, to stream identification, to stream
priority and to flow control). We note that such additional
information is outside the scope of the present document and may be
addressed in a future document defining another CDNI Logging Record
or another version of the HTTP Request Logging Record.
The "cdni_http_request_v1" Record-Type contains the following CDNI
Logging Fields, listed by their field name:
o date: o date:
* format: DATE * format: DATE
* field value: the date at which the processing of request * field value: the date at which the processing of request
completed on the Surrogate. completed on the Surrogate.
* occurrence: there MUST be one and only one instance of this * occurrence: there MUST be one and only one instance of this
field. field.
o time: o time:
* format: TIME * format: TIME
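Review bot: the ABNF comment on the <CDNI Logging Record> rule carries a typo unchanged from -10: "listed is the last Fields directive predecing the present CDNI Logging Record" should read "listed in the last Fields directive preceding the present CDNI Logging Record". In the new opening paragraph of 3.4.1, add a space before each bracketed citation ("HTTP/1.0 ([RFC1945])", "HTTP/1.1 ([RFC2616])") and confirm that [RFC2616] is listed in Section 8, since the portion of the references visible in this diff does not include it while the Record-Type is now explicitly scoped to HTTP/1.1 delivery. The HTTP/2.0 applicability statement rests on a work-in-progress reference (draft-ietf-httpbis-http2-10); because the Record-Type name is versioned ("cdni_http_request_v1"), it would be clearer to say that any HTTP/2.0-specific fields (connection and stream identification, priority, flow control) would be introduced in a new Record-Type version rather than added to this one, so that a consumer parsing "cdni_http_request_v1" can rely on a fixed field set.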
skipping to change at page 40, line 29 skipping to change at page 41, line 29
5.4. CDNI Logging MIME Media Type 5.4. CDNI Logging MIME Media Type
The IANA is requested to allocate the "application/cdni.LoggingFile" The IANA is requested to allocate the "application/cdni.LoggingFile"
MIME Media Type (whose use is specified in Section 4.1.1 of the MIME Media Type (whose use is specified in Section 4.1.1 of the
present document) in the MIME Media Types registry. present document) in the MIME Media Types registry.
6. Security Considerations 6. Security Considerations
6.1. Authentication, Confidentiality, Integrity Protection 6.1. Authentication, Confidentiality, Integrity Protection
The use of TLS as per [RFC2818] for transport of the CDNI Logging A CDNI Logging implementation MUST support TLS transport of the CDNI
feed mechanism (Section 4.1) and CDNI Logging File pull mechanism Logging feed (Section 4.1) and of the CDNI Logging File pull
(Section 4.2) allows: (Section 4.2) as per [RFC2818].
The use of TLS for transport of the CDNI Logging feed and CDNI
Logging File pull allows:
o the dCDN and uCDN to authenticate each other (to ensure they are o the dCDN and uCDN to authenticate each other (to ensure they are
transmitting/receiving CDNI Logging File from an authenticated transmitting/receiving CDNI Logging File from an authenticated
CDN) CDN)
o the CDNI Logging information to be transmitted with o the CDNI Logging information to be transmitted with
confidentiality confidentiality
o the integrity of the CDNI Logging information to be protected o the integrity of the CDNI Logging information to be protected
during the exchange during the exchange
In an environment where any such protection is required, TLS SHOULD In an environment where any such protection is required, TLS SHOULD
be used for transport of the CDNI Logging feed and the CDNI Logging be used for transport of the CDNI Logging feed and the CDNI Logging
File pull. Both parties of the transaction (uCDN and dCDN) SHOULD File pull unless alternate methods are used for ensuring the
use mutual authentication. confidentiality of the information in the logging files (such as
setting up an IPsec tunnel between the two CDNs or using a physically
A CDNI Logging implementation MUST support TLS transport of the CDNI secured internal network between two CDNs that are owned by the same
Logging feed and the CDNI Logging File pull. corporate entity). Both parties of the transaction (uCDN and dCDN)
SHOULD use mutual authentication.
Alternate methods MAY be used for ensuring the confidentiality of the A CDNI Logging implementation MUST support the
information in the logging files such as setting up an IPsec tunnel TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite ( [RFC5288]). An
between the two CDNs or using a physically secured internal network implementation of the CDNI Logging Interface SHOULD prefer cipher
between two CDNs that are owned by the same corporate entity. suites which support perfect forward secrecy over cipher suites that
don't.
The Integrity-Hash directive inside the CDNI Logging File provides The Integrity-Hash directive inside the CDNI Logging File provides
additional integrity protection, this time targeting potential additional integrity protection, this time targeting potential
corruption of the CDNI logging information during the CDNI Logging corruption of the CDNI logging information during the CDNI Logging
File generation. This mechanism does not allow restoration of the File generation. This mechanism does not allow restoration of the
corrupted CDNI Logging information, but it allows detection of such corrupted CDNI Logging information, but it allows detection of such
corruption and therefore triggering of appropriate correcting actions corruption and therefore triggering of appropriate correcting actions
(e.g., discard of corrupted information, attempt to re-obtain the (e.g., discard of corrupted information, attempt to re-obtain the
CDNI Logging information). CDNI Logging information).
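Review bot: the "unless alternate methods are used" exception added to the TLS SHOULD in 6.1 is scoped only to "the confidentiality of the information in the logging files", while the three bullets above it credit TLS with mutual authentication, confidentiality and integrity; an alternate method should be required to provide all three (an IPsec tunnel can, a "physically secured internal network" provides no peer authentication of the CDN endpoints by itself), otherwise a deployment that opts out of TLS on confidentiality grounds silently loses authentication and integrity protection. Suggested wording: "unless alternate methods are used for ensuring the authentication, confidentiality and integrity protection of the CDNI Logging information". Relatedly, the first bullet ("the dCDN and uCDN to authenticate each other") only holds when mutual authentication is in use, which the last sentence of that paragraph leaves at SHOULD; with server-only TLS authentication the dCDN's feed server cannot distinguish an authorised uCDN from any other client. The new cipher suite MUST (TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, [RFC5288]) and the preference for forward secrecy are a welcome tightening; consider also stating the minimum TLS version an implementation must support, since [RFC2818] covers HTTP over TLS generically and a cipher suite requirement on its own does not pin a protocol version. Finally, the Integrity-Hash paragraph should make clear that a hash computed by the dCDN over its own file detects accidental corruption during generation but is not protection against deliberate alteration by whoever holds the file; TLS remains the only in-transit integrity mechanism in this section.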
skipping to change at page 41, line 33 skipping to change at page 42, line 39
as firewalling or use of Virtual Private Networks (VPNs). as firewalling or use of Virtual Private Networks (VPNs).
Protection of dCDN Surrogates against spoofed delivery requests is Protection of dCDN Surrogates against spoofed delivery requests is
outside the scope of the CDNI Logging interface. outside the scope of the CDNI Logging interface.
6.3. Privacy 6.3. Privacy
CDNs have the opportunity to collect detailed information about the CDNs have the opportunity to collect detailed information about the
downloads performed by End Users. The provision of this information downloads performed by End Users. The provision of this information
to another CDN introduces potential End Users privacy protection to another CDN introduces potential End Users privacy protection
concerns. We observe that when CDNI interconnection is realised as concerns.
per [I-D.ietf-cdni-framework], the uCDN handles the initial End User
The use of TLS for transport of the CDNI Logging feed and CDNI
Logging pull as discussed in Section 6.1 protects the confidentiality
of logged information by preventing any other party than the
authorised uCDN to gain access to the logging information.
We observe that when CDNI interconnection is realised as per
[I-D.ietf-cdni-framework], the uCDN handles the initial End User
requests (before it is redirected to the dCDN) so, regardless of requests (before it is redirected to the dCDN) so, regardless of
which information is, or is not, communicated to the uCDN through the which information is, or is not, communicated to the uCDN through the
CDNI Logging interface, the uCDN has visibility on significant CDNI Logging interface, the uCDN has visibility on significant
information such as the IP address of the End User request and the information such as the IP address of the End User request and the
URL of the request. URL of the request.
Nonetheless, if the dCDN and uCDN agree that anonymization is Nonetheless, if the dCDN and uCDN agree that anonymization is
required to avoid making some detailed information available to the required to avoid making some detailed information available to the
uCDN (such as how many bytes of the content have been watched by an uCDN (such as how many bytes of the content have been watched by an
End User and/or at what time) or is required to meet some legal End User and/or at what time) or is required to meet some legal
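Review bot: the new second paragraph of 6.3 overstates what TLS provides: TLS protects the logging information in transit, it does not prevent a party that legitimately receives a CDNI Logging File from retaining or further distributing it, nor does it govern access to the files at rest on either CDN, and "the authorised uCDN" is only identifiable by the dCDN when mutual authentication is used, which 6.1 leaves at SHOULD. Suggest rewording to "protects the confidentiality of logged information in transit, so that no party other than the authenticated uCDN can read it on the wire", leaving the anonymization discussion that follows as the mechanism that limits what the uCDN itself learns. Grammar fix in the same sentence: "preventing any other party than the authorised uCDN to gain access" should be "preventing any party other than the authorised uCDN from gaining access".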
skipping to change at page 43, line 22 skipping to change at page 44, line 37
[RFC5005] Nottingham, M., "Feed Paging and Archiving", RFC 5005, [RFC5005] Nottingham, M., "Feed Paging and Archiving", RFC 5005,
September 2007. September 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
August 2008.
8.2. Informative References 8.2. Informative References
[CHAR_SET] [CHAR_SET]
"IANA Character Sets registry", <http://www.iana.org/ "IANA Character Sets registry", <http://www.iana.org/
assignments/character-sets/character-sets.xml>. assignments/character-sets/character-sets.xml>.
[ELF] Phillip M. Hallam-Baker, and Brian Behlendorf, "Extended [ELF] Phillip M. Hallam-Baker, and Brian Behlendorf, "Extended
Log File Format, W3C (work in progress), WD- Log File Format, W3C (work in progress), WD-
logfile-960323", <http://www.w3.org/TR/WD-logfile.html>. logfile-960323", <http://www.w3.org/TR/WD-logfile.html>.
skipping to change at page 43, line 47 skipping to change at page 45, line 20
[I-D.ietf-cdni-metadata] [I-D.ietf-cdni-metadata]
Niven-Jenkins, B., Murray, R., Watson, G., Caulfield, M., Niven-Jenkins, B., Murray, R., Watson, G., Caulfield, M.,
Leung, K., and K. Ma, "CDN Interconnect Metadata", draft- Leung, K., and K. Ma, "CDN Interconnect Metadata", draft-
ietf-cdni-metadata-06 (work in progress), February 2014. ietf-cdni-metadata-06 (work in progress), February 2014.
[I-D.ietf-cdni-requirements] [I-D.ietf-cdni-requirements]
Leung, K. and Y. Lee, "Content Distribution Network Leung, K. and Y. Lee, "Content Distribution Network
Interconnection (CDNI) Requirements", draft-ietf-cdni- Interconnection (CDNI) Requirements", draft-ietf-cdni-
requirements-17 (work in progress), January 2014. requirements-17 (work in progress), January 2014.
[I-D.ietf-httpbis-http2]
Belshe, M., Peon, R., and M. Thomson, "Hypertext Transfer
Protocol version 2", draft-ietf-httpbis-http2-10 (work in
progress), February 2014.
[I-D.snell-atompub-link-extensions] [I-D.snell-atompub-link-extensions]
Snell, J., "Atom Link Extensions", draft-snell-atompub- Snell, J., "Atom Link Extensions", draft-snell-atompub-
link-extensions-09 (work in progress), June 2012. link-extensions-09 (work in progress), June 2012.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
[RFC1945] Berners-Lee, T., Fielding, R., and H. Nielsen, "Hypertext
Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265, [RFC6265] Barth, A., "HTTP State Management Mechanism", RFC 6265,
April 2011. April 2011.
[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content [RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, September 2012. Statement", RFC 6707, September 2012.
[RFC6770] Bertrand, G., Stephan, E., Burbridge, T., Eardley, P., Ma, [RFC6770] Bertrand, G., Stephan, E., Burbridge, T., Eardley, P., Ma,
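Review bot: [RFC2818] remains in 8.2 Informative References although 6.1 now makes TLS transport "as per [RFC2818]" a MUST; a reference that defines mandatory-to-implement behaviour should move to 8.1 Normative References, as was correctly done for the newly added [RFC5288]. The newly added [RFC1945] is placed in 8.2 while the new 3.4.1 text uses it to scope the Record-Type; an informative placement is defensible there since producing a logging record does not require implementing HTTP/1.0, but the same reasoning should be applied consistently to [RFC2616] once it is listed.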
 End of changes. 16 change blocks. 
39 lines changed or deleted 86 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/