Reviewer: Thomas Fossati
Review result: Ready with Nits
# Abstract
I suggest to slightly increase the precision:
OLD
[...] This document defines an FCI
protocol using the Application-Layer Traffic Optimization (ALTO)
protocol, following the guidelines defined in RFC 8008.
NEW
[...] This document defines a new Application-Layer Traffic
Optimization (ALTO) service called "CDNI Advertisement Service" that
provides an implementation of the FCI, following the guidelines
defined in RFC 8008.
# Section 2.1
While, in general, I have found the introduction and background section to
contain very clear and valuable information about context, rationale and
high level requirements and features, I am having some trouble parsing
this bit:
[...] Multiple
footprint constraints are additive, i.e., the advertisement of
different types of footprint narrows the dCDN candidacy
cumulatively.
Maybe it's just me, but I'd have appreciated if you could unpack this a
little.
# Section 2.2
For identification it's not the integrity property of signatures that
you care about but origin authentication:
OLD
o Security: The identification between uCDNs and dCDNs is an
important requirement. ALTO maps can be signed and hence provide
inherent integrity protection. Please see Section 8.
NEW
o Security: The identification between uCDNs and dCDNs is an
important requirement. ALTO maps can be signed and hence provide
inherent origin authentication. Please see Section 8.
It is not clear to a newcomer why a RESTful design is listed as one of
the criteria for choosing ALTO. Please be more specific about the
advantages. E.g., it's a good fit with the rest of the CDNI suite and
therefore reduces the cognitive dissonance for users and developers
alike? It allows at least some level of code reuse?
Typo:
OLD
[...] A CDNI FCI interface based on ALTO
would inherit this this extensive error-handling framework.
NEW
[...] A CDNI FCI interface based on ALTO
would inherit this extensive error-handling framework.
At this point in the document it may not be necessarily evident what
"the new endpoint property for ALTO" is -- at least to a newcomer. I
suggest sticking a reference to I-D.ietf-alto-unified-props-new when
the term is first introduced.
# Section 3
I suggest adding a note regarding I-JSON (as per RFC 8008).
# Section 3.1
Is this the only CDNI interface envisaged in ALTO? If the answer is
either "no" or "I don't know", it's probably better being more specific
WRT the name choice of the media type -- e.g.,
"application/alto-cdni-advertisement+json"?
# Section 3.2
Is there any specific recommendation regarding caching of these
resources?
# Section 3.5
The "uses" field SHOULD NOT appear unless the CDNI Advertisement
resource depends on other ALTO information resources
If the semantic of uses is not defined without an explicit resource
dependency why should you allow that? I.e., why is this not a MUST NOT
rather than just a SHOULD NOT?
# Section 3.6
Expand IRD. Maybe a better place to introduce the acronym is in Section
3.
What is the semantics of a CDNIAdvertisementData with empty
capabilities-with-footprints? (I suggest you provide a one-liner that
presents the context in which that would be meaningful.)
What is the semantics of ""global" coverage"? Is it what is
contractually (i.e., OOB) defined for the dCDN?
This text:
To be self-contained, below is a non-normative specification of
BaseAdvertisementObject.
I don't understand the "non-normative" bit: isn't this normatively
describing the syntax that implements the semantics defined in the CDNI
doc?
I am having a hard time parsing this text:
Note: Further optimization of BaseAdvertisement objects to
effectively provide the advertisement of capabilities with footprint
restrictions is certainly possible.
what optimisation are hinted here? And what is their relation with the
examples? Are those associated with the use of altopid? If so, you
should consider adding a forward reference to section 4.1 here.
# Section 3.7.3
Typo:
OLD
due to maintenance of the https/1.1 clusters
NEW
due to maintenance of the http/1.1 clusters
# Section 3.7.3
At the end of:
A benefit of using ALTO to provide CDNI Advertisement resources is
that such resources can be updated using ALTO incremental updates
maybe add a reference to RFC8895 (also, I think RFC8895 should be
normatively referenced rather than just informatively?)
There seems to be a typo in the example:
OLD
data: "capabilities": [
data: {
data: "capability-type": "FCI.DeliveryProtocol",
NEW
data: "capabilities-with-footprints": [
data: {
data: "capability-type": "FCI.DeliveryProtocol",
# Section 5.3
The definition:
[CDNIFCICapability cdni-capabilities<0..*>;]
looks a bit odd. I'd have thought one of
CDNIFCICapability cdni-capabilities<0..*>;
or
[CDNIFCICapability cdni-capabilities<1..*>;]
would give the client all it needs to say: "give me the full resource".
Typo:
OLD
cdni-fci-capabilities: A list of CDNI capabilities defined in
NEW
cdni-capabilities: A list of CDNI capabilities defined in
# Section 5.6
Maybe put the conditional clause first:
OLD
The response MUST indicate an error, using ALTO protocol error
handling specified in Section 8.5 of the ALTO protocol [RFC7285], if
the request is invalid.
NEW
If the request is invalid, the response MUST indicate an error
using the ALTO protocol error handling specified in Section 8.5
of [RFC7285].
[...] a filtered CDNI Advertisement request is invalid if:
o the value of "capability-type" is null;
o the value of "capability-value" is null;
What if one of capability-type or capability-value is missing? What if
one of them is the empty value for the type or if any mandatory fields
are missing? What if the value in "capability-type" is not known? It'd
seem to me that the conditions that can make a request invalid can be
many more than those currently listed. And in general I'd leave the
decision to the server.
Typo (same as above):
OLD
superset of one of CDNI capability object in "cdni-fci-capabilities".
NEW
superset of one of CDNI capability object in "cdni-capabilities".
# Section 5.7.3
(also in Sections 6.3.2 and 6.3.3)
Typo:
OLD
HOST: alto.example.com
NEW
Host: alto.example.com
# Section 6.1
o According to [I-D.ietf-alto-unified-props-new], "ipv4" and "ipv6"
are two predefined entity domain types, which can be used to
represent "ipv4cidr" and "ipv6cidr" footprints respectively.
AFAIU, for both ipv4 and ipv6, unified-props-new makes an encoding
distinction between individual and hierarchical addresses. However,
ipv4cidr and ipv6cidr are always encoded as CIDR blocks, so the mapping
is not perfect and need a small adjustment (e.g., 192.0.2.1 =>
192.0.2.1/32). Maybe this is worth noting?
# Section 7.1
The alignment in Table 1 is quite atrocious :-) Also, in the
Specification column rather than just "Section N", consider using
"Section N of RFCthis" -- same as you do in Table 2 and 3.
# Section 7.2
OLD
As proposed in Section 7.2 of [RFC8006], "CDNI Metadata Footprint
Types" registry is requested. A new footprint type is to be
registered, listed in Table 2.
NEW
IANA is requested to add the footprint type "altopid" described
in Table 2 to the "CDNI Metadata Footprint Types" registry.
# Section 7.3
OLD
As proposed in Section 11.2 of [I-D.ietf-alto-unified-props-new],
"ALTO Entity Domain Type Registry" is requested. Two new entity
domain types are to be registered, listed in Table 3.
NEW
IANA is requested to add the entity domain types "asn" and
"countrycode" described in Table 3 to the "ALTO Entity Domain Type"
registry.
Also, please fix the alignment of the "Entity Address Encoding" column
in Table 3.
# Section 7.4
OLD
As proposed in Section 11.3 of [I-D.ietf-alto-unified-props-new],
"ALTO Entity Property Type Registry" is required. A new entity
property type is to be registered, listed in Table 4.
NEW
IANA is requested to add the identifier "cdni-capabilities"
described in Table 4 to the "ALTO Entity Property Type" registry.
# Section 8
OLD
Although protection strategies as described in Section 15 of
[RFC7285] should be applied to address aforementioned security
considerations, [...]
NEW
Although protection strategies as described in Section 15 of
[RFC7285] should be applied to address aforementioned security
and privacy considerations, [...]
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
