ietf-openproxy

RE: WG Last Call: draft-ietf-opes-architecture-00

2002-05-22 13:09:04



-----Original Message-----
From: owner-ietf-openproxy(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-openproxy(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Ian Cooper
Sent: Monday, May 20, 2002 3:13 PM
To: OPES Group
Cc: Oskar Batuner; Markus Hofmann
Subject: RE: WG Last Call: draft-ietf-opes-architecture-00



--On Monday, May 20, 2002 13:28 -0400 Oskar Batuner <batuner(_at_)attbi(_dot_)com> wrote:


- CDN scenario: OPES architecture is used to build a content
distribution network and OPES servers in fact constitute an
integral part of data provider. In this case such servers have
an absolute trust of data provider and the end user has no more
right or reason to question/interfere with their functionality
than it has now in relation to the architecture of the
provider's site web servers farm.

Agree, though I'm not sure I see anything that suggests otherwise.
(Apologies if I'm missing something in my jetlag induced haze.)


Well, some practical implications of CDN scenario (or use of OPES
architecture in web server farm):

1. Data producer may delegate signing authority to OPES server;
2. OPES server may respond to any security-related (trace-type)
requests in exactly the same way the data origin would.

More issues with security:

It is not clear how to apply the proposed tracing and integrity
verification mechanisms to truly dynamic data.

Suppose a data producer wants to exploit XML processing abilities of
the latest browsers but still wants to serve older browsers with
HTML data. He uses OPES to perform XML transformation for certain
user-agents. Here original data does not exist at all, nor is there a
"real resource" Ian has mentioned in the previous message.

Use of OPES for filtering also creates a different situation. The data
consumer may have no trust authority at all. Authority belongs to the domain
administrator, who is not present in the data flow and has to
delegate this authority to some proxy - and this may be an OPES proxy.
This breaks the model described in 3.1 where trust is propagated along the
data distribution path. In fact in some cases data consumer may not be a
"primary party" in the draft terminology. The statement "OPES must not
interfere with the capability of these parties to use end-to-end
authentication and confidentiality" does not work here.

Oskar


