draft-ietf-cdni-https-delegation-subcerts-01.txt   draft-ietf-cdni-https-delegation-subcerts-02.txt 
CDNI Working Group F. Fieau CDNI Working Group F. Fieau
Internet-Draft E. Stephan Internet-Draft E. Stephan
Intended status: Standards Track Orange Intended status: Standards Track Orange
Expires: 10 June 2023 G. Bichot Expires: 8 December 2023 G. Bichot
C. Neumann C. Neumann
Broadpeak Broadpeak
7 December 2022 7 March 2023
CDNI Metadata for Delegated Credentials CDNI Metadata for Delegated Credentials
draft-ietf-cdni-https-delegation-subcerts-01 draft-ietf-cdni-https-delegation-subcerts-02
Abstract Abstract
The delivery of content over HTTPS involving multiple CDNs raises The delivery of content over HTTPS involving multiple CDNs raises
credential management issues. This document defines metadata in CDNI credential management issues. This document defines metadata in CDNI
Control and Metadata interface to setup HTTPS delegation using Control and Metadata interface to setup HTTPS delegation using
Delegated Credentials from an Upstream CDN (uCDN) to a Downstream CDN Delegated Credentials from an Upstream CDN (uCDN) to a Downstream CDN
(dCDN). (dCDN).
Status of this Memo Status of this Memo
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 30 July 2022. This Internet-Draft will expire on 8 December 2023.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 21 skipping to change at page 2, line 21
Table of Contents Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Known delegation methods . . . . . . . . . . . . . . . . . . . 4 3. Known delegation methods . . . . . . . . . . . . . . . . . . . 4
4. CDNI Footprint and Capabilities Advertisement interface 4. CDNI Footprint and Capabilities Advertisement interface
(FCI) for delegated credentials . . . . . . . . . . . . . . . 5 (FCI) for delegated credentials . . . . . . . . . . . . . . . 5
4.1 FCI.DelegatedCredentials . . . . . . . . . . . . . . . . . 5 4.1 FCI.DelegatedCredentials . . . . . . . . . . . . . . . . . 5
4.2 Expected usage of FCI.DelegatedCredentials . . . . . . . . . 5 4.2 Expected usage of FCI.DelegatedCredentials . . . . . . . . . 6
5. CDNI Metadata interface (MI) for delegated credentials . . . . 6 5. CDNI Metadata interface (MI) for delegated credentials . . . . 6
6. Delegated credentials call flows . . . . . . . . . . . . . . . 7 6. Delegated credentials call flows . . . . . . . . . . . . . . . 8
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7.1 CDNI MI DelegatedCredentials Payload Type . . . . . . . . . 9 7.1 CDNI MI DelegatedCredentials Payload Type . . . . . . . . . 9
7.1 CDNI FCI DelegatedCredentials Payload Type . . . . . . . . 9 7.1 CDNI FCI DelegatedCredentials Payload Type . . . . . . . . 9
8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10
9. Privacy Considerations . . . . . . . . . . . . . . . . . . . . 10 9. Privacy Considerations . . . . . . . . . . . . . . . . . . . . 10
10 References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 10 References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1 Normative References . . . . . . . . . . . . . . . . . . . 10 10.1 Normative References . . . . . . . . . . . . . . . . . . . 10
10.2 Informative References . . . . . . . . . . . . . . . . . . 11 10.2 Informative References . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
INTERNET DRAFT <Document Title> <Issue Date> INTERNET DRAFT <Document Title> <Issue Date>
1 Introduction 1 Introduction
Content delivery over HTTPS using one or more CDNs along the path Content delivery over HTTPS using one or more CDNs along the path
requires credential management. This specifically applies when an requires credential management. This specifically applies when an
entity delegates to another trusted entity delivery of content via entity delegates to another trusted entity delivery of content via
HTTPS. HTTPS.
skipping to change at page 3, line 41 skipping to change at page 3, line 41
2. Terminology 2. Terminology
This document uses terminology from CDNI framework documents: CDNI This document uses terminology from CDNI framework documents: CDNI
framework document [RFC7336], CDNI requirements [RFC7337] and CDNI framework document [RFC7336], CDNI requirements [RFC7337] and CDNI
interface specifications documents: CDNI Metadata interface [RFC8006] interface specifications documents: CDNI Metadata interface [RFC8006]
and CDNI Control interface / Triggers [RFC8007]. and CDNI Control interface / Triggers [RFC8007].
2.1. Change Log 2.1. Change Log
draft-cdni-https-delegation-subcerts-02
* minor typos and reformulation
draft-cdni-https-delegation-subcerts-01 draft-cdni-https-delegation-subcerts-01
* Changed the semantics behind FCI.DelegatedCredentials: FCI object * Changed the semantics behind FCI.DelegatedCredentials: FCI object
allows the dCDN to announce the maximum number of delegated allows the dCDN to announce the maximum number of delegated
credentials supported. FCI object is not used to cope with expiry and credentials supported. FCI object is not used to cope with expiry and
renewal of delegated credential. Updated section 4.2 and section 6. renewal of delegated credential. Updated section 4.2 and section 6.
accordingly. * Name change of property: from number-delegated-certs- accordingly. * Name change of property: from number-delegated-certs-
needed to number-delegated-certs-supported needed to number-delegated-certs-supported
INTERNET DRAFT <Document Title> <Issue Date>
draft-cdni-https-delegation-subcerts-00 draft-cdni-https-delegation-subcerts-00
* Added object FCI.DelegatedCredentials allowing to announce the * Added object FCI.DelegatedCredentials allowing to announce the
number of credentials needed number of credentials needed
INTERNET DRAFT <Document Title> <Issue Date>
* Removed object MI.ConfDelegatedCredentials * Removed object MI.ConfDelegatedCredentials
* MI.DelegatedCredentials changed: private key is now optional, * MI.DelegatedCredentials changed: private key is now optional,
arrays used to embed multiple delegated credentials within the arrays used to embed multiple delegated credentials within the
object. object.
* Added sections on privacy and security considerations * Added sections on privacy and security considerations
draft-fieau-interfaces-https-delegation-subcerts-01 draft-fieau-interfaces-https-delegation-subcerts-01
skipping to change at page 4, line 50 skipping to change at page 5, line 5
drafts to handle delegation of HTTPS delivery between entities. drafts to handle delegation of HTTPS delivery between entities.
[RFC8739] specifies the Support for Short-Term, Automatically Renewed [RFC8739] specifies the Support for Short-Term, Automatically Renewed
(STAR) Certificates in the Automated Certificate Management (STAR) Certificates in the Automated Certificate Management
Environment (ACME). [RFC9115] specifies the automatic generation of Environment (ACME). [RFC9115] specifies the automatic generation of
delegated certificates in ACME. Together these two RFCs allow delegated certificates in ACME. Together these two RFCs allow
managing short term delegated certificates with ACME. [I-D.ietf-cdni- managing short term delegated certificates with ACME. [I-D.ietf-cdni-
interfaces-https-delegation] specifies the HTTPS delegation between interfaces-https-delegation] specifies the HTTPS delegation between
the CDN entities using CDNI interfaces using the STAR/ACME delegation the CDN entities using CDNI interfaces using the STAR/ACME delegation
method. method.
INTERNET DRAFT <Document Title> <Issue Date>
Instead of working with actual certificates, [I-D.ietf-tls-subcerts] Instead of working with actual certificates, [I-D.ietf-tls-subcerts]
proposes the use of delegated credentials. This Internet Draft (I-D) proposes the use of delegated credentials. This Internet Draft (I-D)
specifies the HTTPS delegation between the CDN entities using CDNI specifies the HTTPS delegation between the CDN entities using CDNI
interfaces by relying on the use of delegated credentials as a interfaces by relying on the use of delegated credentials as a
delegation method as defined in [I-D.ietf-tls-subcerts]. delegation method as defined in [I-D.ietf-tls-subcerts].
INTERNET DRAFT <Document Title> <Issue Date>
4. CDNI Footprint and Capabilities Advertisement interface (FCI) for 4. CDNI Footprint and Capabilities Advertisement interface (FCI) for
delegated credentials delegated credentials
A dCDN should advertise its supported delegation methods using the A dCDN should advertise its supported delegation methods using the
Footprint and Capabilities interface (FCI) as defined in RFC8008. Footprint and Capabilities interface (FCI) as defined in RFC8008.
With FCI, the dCDN informs the uCDN about its capabilities and the MI With FCI, the dCDN informs the uCDN about its capabilities and the MI
objects supported by the dCDN. Accordingly, to announce the support objects supported by the dCDN. Accordingly, to announce the support
for delegated credentials, the dCDN should announce the support of for delegated credentials, the dCDN should announce the support of
MI.DelegatedCredentials. MI.DelegatedCredentials.
skipping to change at page 5, line 49 skipping to change at page 6, line 4
{ {
"capabilities": [ "capabilities": [
{ {
"capability-type": "FCI.DelegatedCredentials", "capability-type": "FCI.DelegatedCredentials",
"capability-value": { "capability-value": {
"number-delegated-certs-supported": 10 "number-delegated-certs-supported": 10
} }
"footprints": [ "footprints": [
<Footprint objects> <Footprint objects>
] ]
INTERNET DRAFT <Document Title> <Issue Date>
} }
] ]
} }
4.2 Expected usage of FCI.DelegatedCredentials 4.2 Expected usage of FCI.DelegatedCredentials
INTERNET DRAFT <Document Title> <Issue Date>
The dCDN uses the FCI.DelegatedCredentials to announce the number of The dCDN uses the FCI.DelegatedCredentials to announce the number of
endpoints as the number of supported delegated credentials. endpoints as the number of supported delegated credentials.
When uCDN queries and retrieves the FCI object it can push the When uCDN queries and retrieves the FCI object it can push the
supported number of delegated credentials to the dCDN. When supported number of delegated credentials to the dCDN. When
configuring the dCDN, the uCDN may decide to provide less than the configuring the dCDN, the uCDN may decide to provide less than the
maximum supported delegated credentials of the dCDN. Note that, maximum supported delegated credentials of the dCDN. Note that,
within a dCDN different deployment possibilities of the delegated within a dCDN different deployment possibilities of the delegated
credentials on the endpoints exist. The dCDN may use one single credentials on the endpoints exist. The dCDN may use one single
delegated credential and deploy it on multiple endpoints. delegated credential and deploy it on multiple endpoints.
Alternatively, the dCDN may deploy a different delegated credential Alternatively, the dCDN may deploy a different delegated credential
for each endpoint (provided that the uCDN delivers enough different for each endpoint (provided that the uCDN delivers enough different
delegated credentials). This choice depends on the number of delegated credentials). This choice depends on the number of
delegated credentials provided by the uCDN. delegated credentials provided by the uCDN.
FCI.DelegationCredentials is not used to cope with expiry and renewal FCI.DelegationCredentials is not used to cope with expiry and renewal
of delegated credentials. Once the dCDN has provided delegated of delegated credentials. Once the uCDN has provided delegated
credentials via the MI interface, uCDN must remember and keep track credentials via the MI interface, uCDN must remember and keep track
of the provided credentials and their expiry times. The uCDN knowing of the provided credentials and their expiry times. The uCDN knowing
the expiry times, it is up to the uCDN to refresh and provision on the expiry times, it is up to the uCDN to refresh and provision on
time the dCDN with new credentials through MI interface according to time the dCDN with new credentials through MI interface according to
the dCDN capability. the dCDN capability.
5. CDNI Metadata interface (MI) for delegated credentials 5. CDNI Metadata interface (MI) for delegated credentials
As expressed in [I-D.ietf-tls-subcerts], when an origin has set a As expressed in [I-D.ietf-tls-subcerts], when an origin has set a
delegation to a downstream entity such as a downstream CDN (i.e. delegation to a downstream entity such as a downstream CDN (i.e.
skipping to change at page 6, line 47 skipping to change at page 7, line 5
DelegatedCredential.cred [I-D.ietf-tls-subcerts]. This allows the end DelegatedCredential.cred [I-D.ietf-tls-subcerts]. This allows the end
user client to verify the signature in CertificateVerify message sent user client to verify the signature in CertificateVerify message sent
and signed by the dCDN. and signed by the dCDN.
This section defines the object, MI.DelegatedCredentials containing This section defines the object, MI.DelegatedCredentials containing
an array of delegated credentials and optionally the corresponding an array of delegated credentials and optionally the corresponding
private keys. The CDNI Metadata Interface [RFC8006] describes the private keys. The CDNI Metadata Interface [RFC8006] describes the
CDNI metadata distribution mechanisms according to which a dCDN can CDNI metadata distribution mechanisms according to which a dCDN can
retrieve the MI.DelegatedCredentials object from the uCDN. retrieve the MI.DelegatedCredentials object from the uCDN.
INTERNET DRAFT <Document Title> <Issue Date>
The properties of the MI.DelegatedCredentials object are as follows. The properties of the MI.DelegatedCredentials object are as follows.
Property: delegated-credentials Property: delegated-credentials
Description: Array of delegated credentials Description: Array of delegated credentials
Type: array Type: array
INTERNET DRAFT <Document Title> <Issue Date>
Mandatory-to-Specify: Yes Mandatory-to-Specify: Yes
Each item of the array of the property delegated-credentials is Each item of the array of the property delegated-credentials is
composed of the following two properties: composed of the following two properties:
Property: delegated-credential Property: delegated-credential
Description: Hex-encoded delegated credential structure Description: Hex-encoded delegated credential structure
DelegatedCredential as defined in [I-D.ietf-tls-subcerts] DelegatedCredential as defined in [I-D.ietf-tls-subcerts]
skipping to change at page 7, line 47 skipping to change at page 8, line 4
{"delegated-credential": {"delegated-credential":
"70105f9bc28aea93f3fed7602b279dc0... "70105f9bc28aea93f3fed7602b279dc0...
8970822009b330cd11f052c8dc16b451"}, 8970822009b330cd11f052c8dc16b451"},
{"delegated-credential": {"delegated-credential":
"e29c881ad8c5772b35fbdcbfe2c4bf16... "e29c881ad8c5772b35fbdcbfe2c4bf16...
27e87d967458ff18268bae512c62a847"}, 27e87d967458ff18268bae512c62a847"},
{"delegated-credential": {"delegated-credential":
"e8f5853b4836017bd46942d72ce6dc54... "e8f5853b4836017bd46942d72ce6dc54...
1d7a25753fea698082344c8273c24cd8"} 1d7a25753fea698082344c8273c24cd8"}
] ]
INTERNET DRAFT <Document Title> <Issue Date>
} }
} }
6. Delegated credentials call flows 6. Delegated credentials call flows
An example call-flow using delegated credentials in CDNI is depicted An example call-flow using delegated credentials in CDNI is depicted
in Figure 1. in Figure 1.
INTERNET DRAFT <Document Title> <Issue Date>
1. We suppose that the uCDN has been provisioned and configured with 1. We suppose that the uCDN has been provisioned and configured with
a certificate. Note that it is out of scope of CDNI and the present a certificate. Note that it is out of scope of CDNI and the present
document how and from where (e.g. CSP) the uCDN acquired its document how and from where (e.g. CSP) the uCDN acquired its
certificate. certificate.
2. The uCDN generates a set of delegated credentials (here we suppose 2. The uCDN generates a set of delegated credentials (here we suppose
that public keys of the dCDN are known). Note, that the uCDN may that public keys of the dCDN are known). Note, that the uCDN may
generate this material at different points in time, e.g. in advance generate this material at different points in time, e.g. in advance
to have a pool of delegated credentials or on-demand when dCDN to have a pool of delegated credentials or on-pupose when dCDN
requires new delegated credentials. announces its maximum number of required delegated crednetials.
3. Using CDNI Footprint and Capabilities interface [RFC8008], the 3. Using CDNI Footprint and Capabilities interface [RFC8008], the
dCDN advertises MI.DelegatedCredentials capabilities to the uCDN. The dCDN advertises MI.DelegatedCredentials capabilities to the uCDN. The
dCDN further uses FCI.DelegatedCredentials to inform on the maximum dCDN further uses FCI.DelegatedCredentials to inform on the maximum
number of supported delegated credentials. number of supported delegated credentials.
4. Using CDNI the Metadata interface [RFC8006], the dCDN acquires the 4. Using CDNI the Metadata interface [RFC8006], the dCDN acquires the
MI.DelegatedCredentials, therefore retrieving an array of delegated MI.DelegatedCredentials, therefore retrieving an array of delegated
credentials. credentials.
skipping to change at page 8, line 46 skipping to change at page 9, line 4
| | | | | |
| | [1.uCDN acquires its certificate | | [1.uCDN acquires its certificate
| | out of scope of CDNI] | | out of scope of CDNI]
| | | | | |
| | [2.generation of | | [2.generation of
| | delegated credentials] | | delegated credentials]
| | | | | |
| 3. CDNI FCI interface used to | 3. CDNI FCI interface used to
| advertise support of MI.DelegatedCredentials | advertise support of MI.DelegatedCredentials
| and announce number of delegated credentials | and announce number of delegated credentials
INTERNET DRAFT <Document Title> <Issue Date>
| supported using FCI.DelegatedCredentials | supported using FCI.DelegatedCredentials
| |-------------------->+ | |-------------------->+
| | | | | |
| 4. CDNI Metadata interface used to | 4. CDNI Metadata interface used to
| provide the MI.DelegatedCredential object | provide the MI.DelegatedCredential object
| |<--------------------+ | |<--------------------+
| | | | | |
| | | | | |
INTERNET DRAFT <Document Title> <Issue Date>
[5. TLS handshake according | [5. TLS handshake according |
to [I-D.ietf-tls-subcerts]] | to [I-D.ietf-tls-subcerts]] |
|<------------------->| | |<------------------->| |
| | | | | |
| 6.Some delegated credentials about to expire. | 6.Some delegated credentials about to expire.
| CDNI Metadata interface used to | CDNI Metadata interface used to
| provide new MI.DelegatedCredential object | provide new MI.DelegatedCredential object
| |<--------------------+ | |<--------------------+
| | | | | |
Figure 1: Example call-flow of Delegated credentials in CDNI Figure 1: Example call-flow of Delegated credentials in CDNI
skipping to change at page 9, line 44 skipping to change at page 10, line 4
7.1 CDNI MI DelegatedCredentials Payload Type 7.1 CDNI MI DelegatedCredentials Payload Type
Purpose: The purpose of this Payload Type is to distinguish Delegated Purpose: The purpose of this Payload Type is to distinguish Delegated
Credentials MI objects (and any associated capability advertisement) Credentials MI objects (and any associated capability advertisement)
Interface: MI/FCI Interface: MI/FCI
Encoding: see corresponding section Encoding: see corresponding section
7.1 CDNI FCI DelegatedCredentials Payload Type 7.1 CDNI FCI DelegatedCredentials Payload Type
INTERNET DRAFT <Document Title> <Issue Date>
Purpose: The purpose of this Payload Type is to advertise the number Purpose: The purpose of this Payload Type is to advertise the number
of delegated credentials needed (and any associated capability of delegated credentials needed (and any associated capability
advertisement) advertisement)
Interface: FCI Interface: FCI
Encoding: see corresponding section Encoding: see corresponding section
INTERNET DRAFT <Document Title> <Issue Date>
8. Security Considerations 8. Security Considerations
The extensions defined in the present document allow to provide The extensions defined in the present document allow to provide
delegated credentials to dCDNs. The delegated credentials themselves delegated credentials to dCDNs. The delegated credentials themselves
are short-lived and as such a single leaked delegated credential are short-lived and as such a single leaked delegated credential
represents a limited security risk. However, it is important to represents a limited security risk. However, it is important to
ensure that an attacker is not able to systematically retrieve a more ensure that an attacker is not able to systematically retrieve a more
important number of delegated credentials. Such an attack would allow important number of delegated credentials. Such an attack would allow
the attacker to systematically impersonate dCDN nodes. the attacker to systematically impersonate dCDN nodes.
skipping to change at page 10, line 48 skipping to change at page 11, line 5
Progress, Internet-Draft, draft-ietf-tls-subcerts-15, 15 Progress, Internet-Draft, draft-ietf-tls-subcerts-15, 15
June 2022, <https://datatracker.ietf.org/doc/html/draft- June 2022, <https://datatracker.ietf.org/doc/html/draft-
ietf-tls-subcerts-15>. ietf-tls-subcerts-15>.
[RFC9115] Sheffer, Y., Lopez, D., Pastor Perales, A., and T. Fossati, [RFC9115] Sheffer, Y., Lopez, D., Pastor Perales, A., and T. Fossati,
"An Automatic Certificate Management Environment (ACME) "An Automatic Certificate Management Environment (ACME)
Profile for Generating Delegated Certificates", RFC 9115, Profile for Generating Delegated Certificates", RFC 9115,
DOI 10.17487/RFC9115, September 2021, <https://www.rfc- DOI 10.17487/RFC9115, September 2021, <https://www.rfc-
editor.org/info/rfc9115>. editor.org/info/rfc9115>.
INTERNET DRAFT <Document Title> <Issue Date>
[RFC8739] Sheffer, Y., Lopez, D., Gonzalez de Dios, O., Pastor [RFC8739] Sheffer, Y., Lopez, D., Gonzalez de Dios, O., Pastor
Perales, A., and T. Fossati, "Support for Short-Term, Perales, A., and T. Fossati, "Support for Short-Term,
Automatically Renewed (STAR) Certificates in the Automated Automatically Renewed (STAR) Certificates in the Automated
Certificate Management Environment (ACME)", RFC 8739, DOI Certificate Management Environment (ACME)", RFC 8739, DOI
10.17487/RFC8739, March 2020, <https://www.rfc- 10.17487/RFC8739, March 2020, <https://www.rfc-
editor.org/info/rfc9115>. editor.org/info/rfc9115>.
INTERNET DRAFT <Document Title> <Issue Date>
[RFC8006] Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma, [RFC8006] Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma,
"Content Delivery Network Interconnection (CDNI) "Content Delivery Network Interconnection (CDNI)
Metadata", RFC 8006, DOI 10.17487/RFC8006, December 2016, Metadata", RFC 8006, DOI 10.17487/RFC8006, December 2016,
<https://www.rfc-editor.org/info/rfc8006>. <https://www.rfc-editor.org/info/rfc8006>.
[RFC8007] Murray, R. and B. Niven-Jenkins, "Content Delivery Network [RFC8007] Murray, R. and B. Niven-Jenkins, "Content Delivery Network
Interconnection (CDNI) Control Interface / Triggers", RFC Interconnection (CDNI) Control Interface / Triggers", RFC
8007, DOI 10.17487/RFC8007, December 2016, 8007, DOI 10.17487/RFC8007, December 2016,
<https://www.rfc-editor.org/info/rfc8739>. <https://www.rfc-editor.org/info/rfc8739>.
skipping to change at page 11, line 46 skipping to change at page 12, line 5
[RFC7337] Leung, K., Ed. and Y. Lee, Ed., "Content Distribution [RFC7337] Leung, K., Ed. and Y. Lee, Ed., "Content Distribution
Network Interconnection (CDNI) Requirements", RFC 7337, Network Interconnection (CDNI) Requirements", RFC 7337,
DOI 10.17487/RFC7337, August 2014, <https://www.rfc- DOI 10.17487/RFC7337, August 2014, <https://www.rfc-
editor.org/info/rfc7337>. editor.org/info/rfc7337>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
Authors' Addresses
INTERNET DRAFT <Document Title> <Issue Date> INTERNET DRAFT <Document Title> <Issue Date>
Authors' Addresses
Frederic Fieau Frederic Fieau
Orange Orange
40-48, avenue de la Republique 40-48, avenue de la Republique
92320 Chatillon 92320 Chatillon
France France
Email: frederic.fieau@orange.com Email: frederic.fieau@orange.com
Emile Stephan Emile Stephan
Orange Orange
 End of changes. 28 change blocks. 
27 lines changed or deleted 34 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/