One document matched: draft-ietf-cdni-uri-signing-06.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-ietf-cdni-uri-signing-06" ipr="trust200902">
<front>
<title abbrev="CDNI URI Signing">URI Signing for CDN Interconnection
(CDNI)</title>
<author fullname="Kent Leung" initials="K" surname="Leung">
<organization>Cisco Systems</organization>
<address>
<postal>
<street>3625 Cisco Way</street>
<city>San Jose</city>
<code>95134</code>
<country>USA</country>
</postal>
<phone>+1 408 526 5030</phone>
<email>kleung@cisco.com</email>
</address>
</author>
<author fullname="Francois Le Faucheur" initials="F. "
surname="Le Faucheur">
<organization>Cisco Systems</organization>
<address>
<postal>
<street>Greenside, 400 Avenue de Roumanille</street>
<city>Sophia Antipolis</city>
<code>06410</code>
<country>France</country>
</postal>
<phone>+33 4 97 23 26 19</phone>
<email>flefauch@cisco.com</email>
</address>
</author>
<author fullname="Ray van Brandenburg" initials="R"
surname="van Brandenburg">
<organization>TNO</organization>
<address>
<postal>
<street>Anna van Buerenplein 1</street>
<city>Den Haag</city>
<region/>
<code>2595DC</code>
<country>the Netherlands</country>
</postal>
<phone>+31 88 866 7000</phone>
<email>ray.vanbrandenburg@tno.nl</email>
</address>
</author>
<author fullname="Bill Downey" initials="B" surname="Downey">
<organization>Verizon Labs</organization>
<address>
<postal>
<street>60 Sylvan Road</street>
<city>Waltham</city>
<region>Massachusetts</region>
<code>02451</code>
<country>USA</country>
</postal>
<phone>+1 781 466 2475</phone>
<email>william.s.downey@verizon.com</email>
</address>
</author>
<author fullname="Michel Fisher" initials="M" surname="Fisher">
<organization>Limelight Networks</organization>
<address>
<postal>
<street>222 S Mill Ave</street>
<city>Tempe</city>
<region>AZ</region>
<code>85281</code>
<country>USA</country>
</postal>
<phone>+1 360 419 5185</phone>
<email>mfisher@llnw.com</email>
</address>
</author>
<date day="" month="" year=""/>
<workgroup>CDNI</workgroup>
<abstract>
<t>This document describes how the concept of URI signing supports the
content access control requirements of CDNI and proposes a URI signing
scheme.</t>
<t>The proposed URI signing method specifies the information needed to
be included in the URI and the algorithm used to authorize and to
validate access requests for the content referenced by the URI. The mechanism described can be used both in CDNI and single CDN scenarios.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>This document describes the concept of URI Signing and how it can be used to provide access authorization in the case of redirection between interconnected CDNs (CDNI) and between a Content Service Provider (CSP) and a CDN. The primary goal of URI Signing is to make sure that only authorized User Agents (UAs) are able to access the content, with a CSP being able to authorize every individual request. It should be noted that URI Signing is not a content protection scheme; if a CSP wants to protect the content itself, other mechanisms, such as DRM, are more appropriate. In addition to access control, URI Signing also has benefits in reducing the impact of denial-of-service attacks.</t>
<t>The overall problem space for CDN Interconnection (CDNI) is described
in <xref target="RFC6707">CDNI Problem Statement</xref>. In this
document, along with the <xref target="RFC7337">CDNI Requirements</xref>
document and the <xref target="RFC7336">CDNI Framework </xref> the need
for interconnected CDNs to be able to implement an access control
mechanism that enforces the CSP's distribution policy is described.</t>
<t>Specifically, <xref target="RFC7336">CDNI Framework</xref>
states:</t>
<t>"The CSP may also trust the CDN operator to perform actions such as
..., and to enforce per-request authorization performed by the CSP using
techniques such as URI signing."</t>
<t>In particular, the following requirement is listed in <xref
target="RFC7337">CDNI Requirements</xref>:</t>
<t>"MI-16 [HIGH] The CDNI Metadata Distribution interface shall allow
signaling of authorization checks and validation that are to be
performed by the surrogate before delivery. For example, this could
potentially include:</t>
<t>* need to validate URI signed information (e.g. Expiry time, Client
IP address)."</t>
<t>This document proposes a URI Signing scheme that allows Surrogates in
interconnected CDNs to enforce a per-request authorization performed by
the CSP. Splitting the role of performing per-request authorization by
CSP and the role of validation of this authorization by the CDN allows
any arbitrary distribution policy to be enforced across CDNs without the
need of CDNs to have any awareness of the actual CSP distribution
policy.</t>
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119"/>.</t>
<t>This document uses the terminology defined in <xref
target="RFC6707">CDNI Problem Statement </xref>.</t>
<t>This document also uses the terminology of <xref
target="RFC2104">Keyed-Hashing for Message Authentication
(HMAC)</xref>.</t>
<t>In addition, the following terms are used throughout this
document:</t>
<t><list style="symbols">
<t>URI Signature: Message digest or digital signature that is
computed with an algorithm for protecting the URI.</t>
<t>Original URI: The URI before URI Signing is applied.</t>
<t>Signed URI: Any URI that contains a URI Signature.</t>
<t>Target CDN URI: Embedded URI created by the CSP to direct UA
towards the Upstream CDN. The Target CDN URI can be signed by the
CSP and verified by the Upstream CDN.</t>
<t>Redirection URI: URI created by the Upstream CDN to redirect UA
towards the Downstream CDN. The Redirection URI can be signed by
the Upstream CDN and verified by the Downstream CDN. In a cascaded
CDNI scenario, there can be more than one Redirection URI.</t>
</list></t>
</section>
<section anchor="background" title="Background and overview on URI Signing ">
<t>A CSP and CDN are assumed to have a trust relationship that enables
the CSP to authorize access to a content item by including a set of
attributes in the URI before redirecting a UA to the CDN. Using these
attributes, it is possible for a CDN to check an incoming content
request to see whether it was authorized by the CSP (e.g. based on the
UA's IP address or a time window). Of course, the attributes need to
be added to the URI in a way that prevents a UA from changing the
attributes, thereby leaving the CDN to think that the request was
authorized by the CSP when in fact it wasn't. For this reason, a URI
Signing mechanism includes in the URI a message digest or digital
signature that allows a CDN to check the authenticity of the URI. The
message digest or digital signature can be calculated based on a
shared secret between the CSP and CDN or using CSP's asymmetric
public/private key pair, respectively.</t>
<t>Figure 1, shown below, presents an overview of the URI Signing
mechanism in the case of a CSP with a single CDN. When the UA browses
for content on CSP's website (#1), it receives HTML web pages with
embedded content URIs. Upon requesting these URIs, the CSP redirects
to a CDN, creating a Target CDN URI (#2) (alternatively, the Target
CDN URI itself is embedded in the HTML). The Target CDN URI is the
Signed URI which may include the IP address of the UA and/or a time
window and always contains the URI Signature which is generated by the
CSP using the shared secret or a private key. Once the UA receives the
response with the embedded URI, it sends a new HTTP request using the
embedded URI to the CDN (#3). Upon receiving the request, the CDN
checks to see if the Signed URI is authentic by verifying the URI
signature. If applicable, it checks whether the IP address of the HTTP
request matches that in the Signed URI and if the time window is still
valid. After these values are confirmed to be valid, the CDN delivers
the content (#4).</t>
<figure anchor="fig_single_cdn"
title="Figure 1: URI Signing in a CDN Environment">
<artwork><![CDATA[
--------
/ \
| CSP |< * * * * * * * * * * *
\ / Trust *
-------- relationship *
^ | *
| | *
1. Browse | | 2. Signed *
for | | URI *
content | | *
| v v
+------+ 3. Signed URI --------
| User |----------------->/ \
| Agent| | CDN |
| |<-----------------\ /
+------+ 4. Content --------
Delivery
]]></artwork>
</figure>
</section>
<section title="CDNI URI Signing Overview">
<t>In a CDNI environment, URI Signing operates the same way in the
initial steps #1 and #2 but the later steps involve multiple CDNs in
the process of delivering the content. The main difference from the
single CDN case is a redirection step between the Upstream CDN and the
Downstream CDN. In step #3, UA may send HTTP request or DNS request.
Depending on whether HTTP-based or DNS-based request routing is used,
the Upstream CDN responds by directing the UA towards the Downstream
CDN using either a Redirection URI (which is a Signed URI generated by
the Upstream CDN) or a DNS reply, respectively (#4). Once the UA
receives the response, it sends the Redirection URI/Target CDN URI to
the Downstream CDN (#5). The received URI is validated by the
Downstream CDN before delivering the content (#6). This is depicted in
the figure below. Note: The CDNI call flows are covered in <xref
target="operation">Detailed URI Signing Operation</xref>.</t>
<figure title="Figure 2: URI Signing in a CDNI Environment">
<artwork><![CDATA[
+-------------------------+
|Request Redirection Modes|
+-------------------------+
| a) HTTP |
| b) DNS |
+-------------------------+
--------
/ \< * * * * * * * * * * * * * *
| CSP |< * * * * * * * * * * * *
\ / Trust * *
-------- relationship * *
^ | * *
| | 2. Signed * *
1. Browse | | URI in * *
for | | HTML * *
content | | * *
| v 3.a)Signed URI v *
+------+ b)DNS request -------- * Trust
| User |----------------->/ \ * relationship
| Agent| | uCDN | * (optional)
| |<-----------------\ / *
+------+ 4.a)Redirection URI------- *
^ | b)DNS Reply ^ *
| | * *
| | Trust relationship * *
| | * *
6. Content | | 5.a)Redirection URI * *
delivery | | b)Signed URI(after v v
| | DNS exchange) --------
| +---------------------->/ \ [May be
| | dCDN | cascaded
+--------------------------\ / CDNs]
--------
+-----------------------------------------+
| Key | Asymmetric | Symmetric |
+-----------------------------------------+
|HTTP |Public key (uCDN)|Shared key (uCDN)|
|DNS |Public key (CSP) |Shared key (CSP) |
+-----------------------------------------+
]]></artwork>
</figure>
<t>The trust relationships between CSP, Upstream CDN, and Downstream
CDN have direct implications for URI Signing. In the case shown in
Figure 2, the CDN that the CSP has a trust relationship with is the
Upstream CDN. The delivery of the content may be delegated to the
Downstream CDN, which has a relationship with the Upstream CDN but may
have no relationship with the CSP.</t>
<t>In CDNI, there are two methods for request routing: DNS-based and
HTTP-based. For DNS-based request routing, the Signed URI (i.e. Target
CDN URI) provided by the CSP reaches the Downstream CDN directly. In
the case where the Downstream CDN does not have a trust relationship
with the CSP, this means that only an asymmetric public/private key
method can be used for computing the URI Signature because the CSP and
Downstream CDN are not able to exchange symmetric shared secret keys.
Since the CSP is unlikely to have relationships with all the
Downstream CDNs that are delegated to by the Upstream CDN, the CSP may
choose to allow the Authoritative CDN to redistribute the shared key
to a subset of their Downstream CDNs .</t>
<t>For HTTP-based request routing, the Signed URI (i.e. Target CDN
URI) provided by the CSP reaches the Upstream CDN. After this URI has
been verified to be correct by the Upstream CDN, the Upstream CDN
creates and signs a new Redirection URI to redirect the UA to the
Downstream CDN. Since this new URI also has a new URI Signature, this
new signature can be based around the trust relationship between the
Upstream CDN and Downstream CDN, and the relationship between the
Downstream CDN and CSP is not relevant. Given the fact that such a
relationship between Upstream CDN and Downstream CDN always exists,
both asymmetric public/private keys and symmetric shared secret keys
can be used for URI Signing. Note that the signed Redirection URI
MUST maintain the same, or higher, level of security as the original Signed
URI.</t>
</section>
<section title="URI Signing in a non-CDNI context">
<t>While the URI signing scheme defined in this document was primarily
created for the purpose of allowing URI Signing in CDNI scenarios,
e.g. between a uCDN and a dCDN or between a CSP and a dCDN, there is
nothing in the defined URI Signing scheme that precludes it from being
used in a non-CDNI context. As such, the described mechanism could be
used in a single-CDN scenario such as shown in <xref
target="fig_single_cdn"/> in <xref target="background"/>, for example
to allow a CSP that uses different CDNs to only have to implement a
single URI Signing mechanism.</t>
</section>
</section>
<section anchor="uri_format" title="Signed URI Information Elements">
<t>The concept behind URI Signing is based on embedding in the Target
CDN URI/Redirection URI a number of information elements that can be
validated to ensure the UA has legitimate access to the content. These
information elements are appended, in an encapsulated form, to the
original URI.</t>
<t>For the purposes of the URI signing mechanism described in this
document, three types of information elements may be embedded in the
URI:</t>
<t><list style="symbols">
<t>Enforcement Information Elements: Information Elements that are
used to enforce a distribution policy defined by the CSP. Examples
of enforcement attributes are IP address of the UA and time
window.</t>
<t>Signature Computation Information Elements: Information Elements
that are used by the CDN to verify the URI signature embedded in the
received URI. In order to verify a URI Signature, the CDN requires
some information elements that describe how the URI Signature was
generated. Examples of Signature Computation Elements include the
used HMACs hash function and/or the key identifier.</t>
<t>URI Signature Information Elements: The information elements that
carry the actual message digest or digital signature representing
the URI signature used for checking the integrity and authenticity
of the URI. A typical Signed URI will only contain one embedded URI
Signature Information Element.</t>
</list></t>
<t>In addition, the this document specifies the following URI
attribute:</t>
<t><list style="symbols">
<t>URI Signing Package Attribute: The URI attribute that
encapsulates all the URI Signing information elements in an encoded
format. Only this attribute is exposed in the Signed URI as a URI
query parameter.</t>
</list></t>
<t>Two types of keys can be used for URI Signing: asymmetric keys and
symmetric keys. Asymmetric keys are based on a public/private key pair
mechanism and always contain a private key only known to the entity
signing the URI (either CSP or uCDN) and a public key for the
verification of the Signed URI. With symmetric keys, the same key is
used by both the signing entity for signing the URI as well as by the
validating entity for validating the Signed URI. Regardless of the type
of keys used, the validating entity has to obtain the key (either the
public or the symmetric key). There are very different requirements for
key distribution (out of scope of this document) with asymmetric keys
and with symmetric keys. Key distribution for symmetric keys requires
confidentiality to prevent another party from getting access to the key,
since it could then generate valid Signed URIs for unauthorized
requests. Key distribution for asymmetric keys does not require
confidentiality since public keys can typically be distributed openly
(because they cannot be used for URI signing) and private keys are kept
by the URI signing function.</t>
<t>Note that all the URI Signing information elements and the URI query
attribute are mandatory to implement, but not mandatory to use.</t>
<section anchor="enforce_attributes"
title="Enforcement Information Elements">
<t>This section identifies the set of information elements that may be
needed to enforce the CSP distribution policy. New information
elements may be introduced in the future to extend the capabilities of
the distribution policy.</t>
<t>In order to provide flexibility in distribution policies to be
enforced, the exact subset of information elements used in the URI
Signature of a given request is a deployment decision. The defined
keyword for each information element is specified in parenthesis
below.</t>
<t>The following information elements are used to enforce the
distribution policy:</t>
<t>
<list style="symbols">
<t>Expiry Time (ET) [optional] - Time when the Signed URI expires.
This is represented as an integer denoting the number of seconds
since midnight 1/1/1970 UTC (i.e. UNIX epoch). The request is
rejected if the received time is later than this timestamp. Note:
The time, including time zone, on the entities that generate and
validate the signed URI need to be in sync. In the CDNI case, this means that servers at both the CSP, uCDN and dCDN need to be time-synchronized. It is RECOMMENDED to use NTP for this.</t>
<t>Client IP (CIP) [optional] - IP address, or IP prefix, for which the Signed URI is valid. This is represented in CIDR notation, with dotted decimal format for IPv4 or canonical text representation for <xref target="RFC5952">IPv6 addresses</xref> . The request is rejected if sourced from a client outside of the specified IP range.</t>
<t>Original URI Container (OUC) [optional] - Container for holding the Original URI while the URI signature is calculated. The Original URI Container information element is not transmitted as part of the URI Signing Package Attribute. If the Original URI Container information element is used, the URI Pattern Sequence information element MUST NOT be used. </t>
<t>URI Pattern Container (UPC) [optional] - Container for one or more URI Patterns that describes for which content the Signed URI is valid. The URI Pattern Container contains an expression to match against the requested URI to check whether the requested content is allowed to be requested. Multiple URI Patterns may be concatenated in a single URI Pattern Container information element by seperating them with a semi-colon (';') character. Each URI Pattern follows the <xref target="RFC3986"/> URI format, including the '://' that delimits the URI scheme from the hierarchy part. The pattern may include the wildcards '*' and '?', where '*' matches any sequence of characters (including the empty string) and '?' matches exactly one character. The three literals '$', '*' and '?' should be escaped as '$$', '$*' and '$?'. All other characters are treated as literals. The following is an example of a valid URI Pattern: '*://*/folder/content-83112371/quality_*/segment????.mp4'. An example of two concatenated URI Patterns is the following: 'http://*/folder/content-83112371/manifest/*.xml;http://*/folder/content-83112371/quality_*/segment????.mp4'. If the UPC is used, the Original URI Container information element MUST NOT be used.</t>
</list>
</t>
<t>The Expiry Time Information Element ensures that the content
authorization expires after a predetermined time. This limits the time
window for content access and prevents replay of the request beyond
the authorized time window.</t>
<t>The Client IP Information Element is used to restrict content access to a particular IP address or set of IP addresses based on the IP address for whom the content access was authorized. The URI Signing mechanism described in this document will communicate the IP address in the URI. To prevent the IP addess from being logged, the Client IP information element is transmited in encrypted form.</t>
<t>The Original URI Container is used to limit access to the Original URI only.</t>
<t>The URI Pattern Container Information Element is used to restrict
content access to a particular set of URLs.</t>
<t>Note: See the <xref target="security">Security
Considerations</xref> section on the limitations of using an
expiration time and client IP address for distribution policy
enforcement.</t>
</section>
<section anchor="compute_attributes"
title="Signature Computation Information Elements">
<t>This section identifies the set of information elements that may be
needed to verify the URI (signature). New information elements may be
introduced in the future if new URI signing algorithms are
developed.</t>
<t>The defined keyword for each information element is specified in
parenthesis below.</t>
<t>The following information elements are used to validate the URI by
recreating the URI Signature.</t>
<t><list style="symbols">
<t>Version (VER) [optional] - An 8-bit unsigned integer used for identifying the
version of URI signing method. If this Information Element is not
present in the URI Signing Package Attribute, the default version
is 1.</t>
<t>Key ID (KID) [optional] - A string used for obtaining the key (e.g. database lookup, URI reference) which is needed to validate the URI signature. The KID and KID_NUM information elements MUST NOT be present in the same URI Signing Package Attribute.</t>
<t>Numerical Key ID (KID_NUM) [optional] - A 64-bit unsigned integer used as an optional alternative for KID. The KID and KID_NUM information elements MUST NOT be present in the same URI Signing Package Attribute.</t>
<t>Hash Function (HF) [optional] - A string used for identifying
the hash function to compute the URI signature with HMAC. If this
Information Element is not present in the URI Signing Package
Attribute, the default hash function is SHA-256.</t>
<t>Digital Signature Algorithm (DSA) [optional] - Algorithm used
to calculate the Digital Signature. If this Information Element is
not present in the URI Signing Package Attribute, the default is
EC-DSA.</t>
<t>Client IP Encryption Algorithm (CEA) [optional] - Algorithm used to encrypt the Client IP. If this Information Element is not present in the URI Signing Package Attribute, the default is AES-128.</t>
<t>Client IP Key ID (CKI) [optional] - A 64-bit unsigned integer used for obtaining the key (e.g. database lookup) used for encrypting/decrypting the Client IP.</t>
<!--><t>Client IP Nonce (CIPN) [optional] - A 16-bit unsigned integer used as a nonce in the Client IP encryption mechanism.</t>-->
</list></t>
<t>The Version Information Element indicates which version of URI
signing scheme is used (including which attributes and algorithms are
supported). The present document specifies Version 1. If the Version
attribute is not present in the Signed URI, then the version is
obtained from the CDNI metadata, else it is considered to have been
set to the default value of 1. More versions may be defined in the
future.</t>
<t>The Key ID Information Element is used to retrieved the key which is needed as input to the algorithm for validating the Signed URI. The method used for obtaining the actual key from the reference included in the Key ID Information Element is outside the scope of this document. Instead of using the KID element, which is a string, it is possible to use the KID_NUM element for numerical Key identifiers instead. The KID_NUM element is a 64-bit unsigned integer. In cases where numerical KEY IDs are used, it is RECOMMENDED to use KID_NUM instead of KID.</t>
<t>The Hash Function Information Element indicates the hash function
to be used for HMAC-based message digest computation. The Hash
Function Information Element is used in combination with the Message
Digest Information Element defined in section <xref
target="signature_attributes"/>.</t>
<t>The Digital Signature Algorithm Information Element indicates the
digital signature function to be in the case asymmetric keys are used.
The Digital Signature Algorithm Information Element is used in
combination with the Digital Signature Information Element defined in
section <xref target="signature_attributes"/>.</t>
<t>The Client IP Encryption Algorithm Information Element indicates the encryption algorithm to be used for the Client IP. The Client IP Encryption Algorithm Information Element is used in combination with the Client IP Information Element defined in section <xref target="enforce_attributes"/>.</t>
<t>The Client IP Key ID is used to retrieved the key which is used for encrypting and decrypting the Client IP. The method used for obtaining the actual key from the reference included in the Key ID Information Element is outside the scope of this document. The Client IP Encryption Algorithm Information Element is used in combination with the Client IP Information Element defined in section <xref target="enforce_attributes"/>.</t>
<!--<t>The Client IP Nonce is used while encrypting the Client IP to make sure two identical Client IPs do not result in the same cipher text. This has the benefit of making it impossible to correlate requests coming from the same User Agent in the log files.</t>-->
</section>
<section anchor="signature_attributes"
title="URI Signature Information Elements">
<t>This section identifies the set of information elements that carry
the URI Signature that is used for checking the integrity and
authenticity of the URI.</t>
<t>The defined keyword for each information element is specified in
parenthesis below.</t>
<t>The following information elements are used to carry the actual URI
Signature.</t>
<t><list style="symbols">
<t>Message Digest (MD) [mandatory for symmetric key] - A string
used for the message digest generated by the URI signing
entity.</t>
<t>Digital Signature (DS) [mandatory for asymmetric keys] - A
string used for the digital signature provided by the URI signing
entity.</t>
</list></t>
<t>The Message Digest attribute contains the message digest used to
validate the Signed URI when symmetric keys are used.</t>
<t>The Digital Signature attribute contains the digital signature used
to verify the Signed URI when asymmetric keys are used.</t>
<t>In the case of symmetric key, HMAC algorithm is used for the
following reasons: 1) Ability to use hash functions (i.e. no changes
needed) with well understood cryptographic properties that perform
well and for which code is freely and widely available, 2) Easy to
replace the embedded hash function in case faster or more secure hash
functions are found or required, 3) Original performance of the hash
function is maintained without incurring a significant degradation,
and 4) Simple way to use and handle keys. The default HMAC algorithm
used is SHA-256.</t>
<t>In the case of asymmetric keys, Elliptic Curve Digital Signature
Algorithm (EC DSA) - a variant of DSA - is used because of the
following reasons: 1) Key size is small while still offering good
security, 2) Key is easy to store, and 3) Computation is faster than
DSA or RSA.</t>
</section>
<section anchor="token_attribute" title="URI Signing Package Attribute">
<t>The URI Signing Package Attribute is an encapsulation container for
the URI Signing Information Elements defined in the previous sections.
The URI Signing Information Elements are encoded and stored in this
attribute. URI Signing Package Attribute is appended to the Original
URI to create the Signed URI.</t>
<t>The primary advantage of the URI Signing Package Attribute is that
it avoids having to expose the URI Signing Information Elements
directly in the query string of the URI, thereby reducing the
potential for a namespace collision space within the URI query string.
A side-benefit of the attribute is the obfuscation performed by the
URI Signing Package Attribute hides the information (e.g. client IP
address) from view of the common user, who is not aware of the
encoding scheme. Obviously, this is not a security method since anyone
who knows the encoding scheme is able to obtain the clear text. Note
that any parameters appended to the query string after the URI Signing
Package Attribute are not validated and hence do not affect URI
Signing.</t>
<t>The following attribute is used to carry the encoded set of URI
Signing attributes in the Signed URI.</t>
<t><list style="symbols">
<t>URI Signing Package (URISigningPackage) - The encoded attribute
containing all the CDNI URI Signing Information Elements used for
URI Signing.</t>
</list></t>
<t>The URI Signing Package Attribute contains the URI Signing
Information Elements in the Base-64 encoding with URL and Filename
Safe Alphabet (a.k.a. "base64url") as specified in the <xref
target="RFC4648">Base-64 Data Encoding</xref> document. The URI
Signing Package Attribute is the only URI Signing attribute exposed in
the Signed URI. The attribute MUST be the last parameter in the query
string of the URI when the Signed URI is generated. However, a client
or CDN may append other query parameters unrelated to URI Signing to
the Signed URI. Such additional query parameters SHOULD NOT use the
same name as the URI Signing Package Attribute to avoid namespace
collision and potential failure of the URI Signing validation.</t>
<t>The parameter name of the URI Signing Package Attribute shall be defined in the CDNI Metadata interface. If the CDNI Metadata interface is not used, or does not include a parameter name for the URI Signing Package Attribute, the parameter name is set by configuration (out of scope of this document).</t>
</section>
<section title="User Agent Attributes">
<t>For some use cases, such as logging, it might be useful to allow
the UA, or another entity, add one or more attributes to the Signed
URI for purposes other than URI Signing without causing URI Signing to
fail. In order to do so, such attributes MUST be appended after the
URI Signing Packacke Attribute. Any attributes appended in such way
after the URI Signature has been calculated are not validated for the
purpose of content access authorization. Adding any such attributes to
the Signed URI before the URI Signing Packacke Attribute will cause
the URI Signing validation to fail.</t>
<t>Note that a malicious UA might potentially use the ability to
append attributes to the Signed URI in order to try to influence the
content that is delivered. For example, the UA might append
'&quality=HD' to try to make the dCDN deliver an HD version of the
requested content. Since such an additional attribute is appended
after the URI Signing Package Attribute it is not validated and will
not affect the outcome of the URI validation. In order to deal with
this vulnerability, a dCDN is RECOMMENDED to ignore any query strings
appended after the URI Signing Package Attribute for the purpose of
content selection.</t>
</section>
</section>
<section anchor="signing_uri" title="Creating the Signed URI">
<t>The following procedure for signing a URI defines the algorithms in
this version of URI Signing. Note that some steps may be skipped if the
CSP does not enforce a distribution policy and the Enforcement
Information Elements are therefore not necessary. A URI (as defined in
<xref target="RFC3986">URI Generic Syntax</xref>) contains the following
parts: scheme name, authority, path, query, and fragment. If the Original URI Container information element is used, all components except for the scheme part are protected by the URI Signature. This allows the URI signature to be validated correctly in the case when a client performs a fallback to another scheme (e.g. HTTP) for a content item referenced by a URI with a specific scheme (e.g. RTSP). In case the URI Pattern Container information element is used, the CSP has full flexibility to specify which elements of the URI (including the scheme part) are protected by the URI. </t>
<t>The process of generating a Signed URI can be divided into two sets
of steps: first, calculating the URI Signature and then, packaging the
URI Signature and appending it to the Original URI. Note it is possible
to use some other algorithm and implementation as long as the same
result is achieved. An example for the Original URI,
"http://example.com/content.mov", is used to clarify the steps.</t>
<section anchor="calculating_uri_signature" title="Calculating the URI Signature">
<t>Calculate the URI Signature by following the procedure below.</t>
<t>
<list style="numbers">
<t hangText="1.">Create an empty buffer for performing the
operations below.</t>
<t hangText="2.">Check if the Original URI already contains a query string.
If not, place a "?" character in the buffer. If yes, place an "&"
character in the buffer.</t>
<t hangText="3.">If the version is the default value (i.e. "1"),
skip this step. Otherwise, specify the version by appending the
string "VER=#" to the buffer, where '#' represents the new version number. The
following steps in the procedure is based on the initial version
of URI Signing specified by this document. For other versions,
reference the associated RFC for the URI signing procedure.</t>
<t hangText="4.">If time window enforcement is not needed, step 4
can be skipped.
<list style="letters">
<t>If an information element was added to the buffer, append
an "&" character. Append the string "ET=". Note in the
case of re-signing a URI, the information element is carried
over from the received Signed URI.</t>
<t>Get the current time in seconds since epoch (as an
integer). Add the validity time in seconds as an integer. Note
in the case of re-signing a URI, the value MUST remain the
same as the received Signed URI.</t>
<t>Convert this integer to a string and append to the
buffer.</t>
</list>
</t>
<t hangText="5.">If client IP enforcement is not needed, step 5
can be skipped.
<list style="letters">
<t>If the Client IP Encryption Algorithm used is the default ("AES-128"), this step can be skipped. If an information element was added to the message, append an "&" character. append the string "CEA=". Append the string for the Client IP Encryption Algorithm to be used.</t>
<t>If the Client IP Key Identifier is not needed, this step can be skipped. If an information element was added to the message, append an "&" character. Append the string "CKI=". Append the Client IP key identifier (e.g. "56128239") needed by the entity to locate the shared key for decrypting the Client IP.</t>
<t>If an information element was added to the message, append an "&" character. Append the string "CIP=".</t>
<t>Convert the client's IP address in CIDR notation (dotted decimal format for IPv4 or canonical text representation for <xref target="RFC5952">IPv6</xref>) to a string and encrypt it using AES-128 (in ECB mode) or another algorithm if specified by the CEA Information Element. Note in the case of re-signing an URI, the client IP that is encrypted MUST be equal to the unencrypted value of the Client IP as received in the Signed URI, see step 1 in <xref target="policy_enforcement"/>.</t>
<t>Convert the encrypted Client IP to its equivalent hexadecimal format.</t>
<t>Append the value computed in the previous step to the buffer.</t>
</list>
</t>
<t hangText="6.">If a Key ID information element is not needed, step 6 can be skipped. If an information element was added to the message, append an "&" character. Append the string "KID=" in case a string-based Key ID is used, or "KID_NUM=" in case a numerical Key ID is used. Append the key identifier (e.g. "example:keys:123" or "56128239") needed by the entity to locate the shared key for validating the URI signature.</t>
<t hangText="7.">If asymmetric keys are used, step 7 can be skipped. If the hash function for the HMAC uses the default value ("SHA-256"), step 7 can be skipped. If an information element was added to the message, append an "&" character. Append the string "HF=". Append the string for the new type of hash function to be used. Note that re-signing a URI MUST use the same hash function as the received Signed URI or one of the allowable hash functions designated by the CDNI metadata.</t>
<t hangText="8.">If assymetric keys are used, step 8 can be skipped. If the digital signature algorithm uses the default value ("EC-DSA"), step 8 can be skipped. If an information element was added to the message, append an "&" character. Append the string "DSA=". Append the string for the digital signature function. Note that re-signing a URI MUST use the same digital signature algorithm as the received Signed URI or one of the allowable digital signature algorithms designated by the CDNI metadata.</t>
<t hangText="9.">Depending on the type of URI enforcement used (Original URI or URI Pattern), add the appropriate information element.
<list style="letters">
<t>If enforcement based on a (set of) URI Pattern is used, this step can be skipped. If an information element was added to the message, append an &" character. Append the string "OUC=". Append the Original URI, excluding the "scheme name" part and the '://' delimiter, to the buffer.</t>
<t>If enforcement based on the Original URI is used, this step can be skipped. If an information element was added to the message, append an &" character. Append the string "UPC=". Append the URI Pattern Container in the form of a string to the buffer. </t>
</list>
</t>
<t hangText="10.">If asymmetric keys are used, step 10 can be skipped.
<list style="letters">
<t>Obtain the shared key to be used for signing the
URI.</t>
<t>Append the string "MD=". The message now contains the complete section of the URI that is protected (e.g.
"ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&OUC=example.com/content.mov&MD=").</t>
<t>Compute the message digest using the HMAC algorithm and
the default SHA-256 hash function, or another hash
function if specified by the HF Information Element, with
the shared key and message as the two inputs to the hash
function.</t>
<t>Convert the message digest to its equivalent
hexadecimal format.</t>
<t>Append the string for the message digest (e.g. "ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&OUC=example.com/content.mov&MD=1ecb1446a6431352aab0fb6e0dca30e30356593a97acb972202120dc482bddaf").</t>
</list>
</t>
<t hangText="11.">If symmetric keys are used, step 11 can be skipped.
<list style="letters">
<t>Obtain the private key to be used for signing the URI.</t>
<t>If an information element was added to the message, append an "&" character. Append the string "DS=". The message now contains the complete section of the URI that is protected. (e.g. "ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&OUC=example.com/content.mov&DS=").</t>
<t>Compute the message digest using SHA-1 (without a key)
for the message. Note: The digital signature generated in
the next step is calculated over the SHA-1 message digest,
instead of over the cleartype message. This is done to reduce the
length of the digital signature, the URI Signing Package Attribute, and the resulting Signed
URI. Since SHA-1 is not used for cryptographic purposes
here, the security concerns around SHA-1 do not apply.</t>
<t>Compute the digital signature, using the EC-DSA algorithm by default or another algorithm if specified by the DSA Information Element, with the private EC key and message digest (obtained in previous step) as inputs.</t>
<t>Convert the digital signature to its equivalent hexadecimal format.</t>
<t>Append the string for the digital signature. In the case where EC-DSA algorithm is used, this string contains the values for the 'r' and 's' parameters, delimited by ':' (e.g. "ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&OUC=example.com/content.mov&DS=r:CFB03EDB33810AB6C79EE3C47FBD86D227D702F25F66C01CF03F59F1E005668D:s:57ED0E8DF7E786C87E39177DD3398A7FB010E6A4C0DC8AA71331A929A29EA24E")</t>
</list>
</t>
<t hangText="12.">If, as part of step 9, the URI Pattern Container information element was added to the buffer, step 12 can be skipped. Remove the Original URI Container from the buffer, including the preceding "&" character. (e.g. "ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&MD=1ecb1446a6431352aab0fb6e0dca30e30356593a97acb972202120dc482bddaf")</t>
</list>
</t>
</section>
<section title="Packaging the URI Signature">
<t>Apply the URI Signing Package Attribute by following the procedure
below to generate the Signed URI.</t>
<t><list style="numbers">
<t>Start from the buffer created in <xref target="calculating_uri_signature"/>.
(e.g.
"ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&MD=1ecb1446a6431352aab0fb6e0dca30e30356593a97acb972202120dc482bddaf").</t>
<t>Compute the URI Signing Package Attribute using <xref
target="RFC4648">Base-64 Data Encoding</xref> on the message (e.g.
"RVQ9MTIwOTQyMjk3NiZhbXA7Q0tJPTMxMSZhbXA7Q0lQPTkwQzkxMzk3NzkzM0ZDNjUwRTcxODYzNjFBOTNENkMzJmFtcDtLSUQ9ZXhhbXBsZTprZXlzOjEyMyZhbXA7TUQ9MWVjYjE0NDZhNjQzMTM1MmFhYjBmYjZlMGRjYTMwZTMwMzU2NTkzYTk3YWNiOTcyMjAyMTIwZGM0ODJiZGRhZg==").
Note: This is the value for the URI Signing Package Attribute.</t>
<t>Copy the entire Original URI into a buffer to hold the
message.</t>
<t>Check if the Original URI already contains a query string. If
not, append a "?" character. If yes, append an "&"
character.</t>
<t>Append the parameter name used to indicate the URI Signing
Package Attribute, as communicated via the CDNI Metadata
interface, followed by an "=". If none is communicated by the CDNI
Metadata interface, it defaults to "URISigningPackage". For
example, if the CDNI Metadata interface specifies "SIG", append
the string "SIG=" to the message.</t>
<t>Append the URI Signing token to the message (e.g.
"http://example.com/content.mov?URISigningPackage=RVQ9MTIwOTQyMjk3NiZhbXA7Q0tJPTMxMSZhbXA7Q0lQPTkwQzkxMzk3NzkzM0ZDNjUwRTcxODYzNjFBOTNENkMzJmFtcDtLSUQ9ZXhhbXBsZTprZXlzOjEyMyZhbXA7TUQ9MWVjYjE0NDZhNjQzMTM1MmFhYjBmYjZlMGRjYTMwZTMwMzU2NTkzYTk3YWNiOTcyMjAyMTIwZGM0ODJiZGRhZg==").
Note: this is the completed Signed URI.</t>
</list></t>
</section>
</section>
<section anchor="validating_uri" title="Validating a URI Signature">
<t>The process of validating a Signed URI can be divided into three sets
of steps: first, extraction of the URI Signing information elements,
then validation of the URI signature to ensure the integrity of the
Signed URI, and finally, validation of the information elements to
ensure proper enforcement of the distribution policy. The integrity of
the Signed URI is confirmed before distribution policy enforcement
because validation procedure would detect the right event when the URI
is tampered with. Note it is possible to use some other algorithm and
implementation as long as the same result is achieved.</t>
<section title="Information Element Extraction">
<t>Extract the information elements embedded in the URI. Note that
some steps are to be skipped if the corresponding URI Signing
information elements are not embedded in the Signed URI. <list
style="numbers">
<t>Extract the value from 'URISigningPackage' attribute. This
value is the encoded URI Signing Package Attribute. If there are
multiple instances of this attribute, the first one is used and
the remaining ones are ignored. This ensures that the Signed URI
can be validated despite a client appending another instance of
the 'URISigningPackage' attribute.</t>
<t>Decode the string using <xref target="RFC4648">Base-64 Data
Encoding</xref> to obtain all the URI Signing information elements
(e.g.
"ET=1209422976&CKI=311&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&MD=1ecb1446a6431352aab0fb6e0dca30e30356593a97acb972202120dc482bddaf").</t>
<t>Extract the value from "VER" if the information element exists
in the query string. Determine the version of the URI Signing
algorithm used to process the Signed URI. If the CDNI Metadata
interface is used, check to see if the used version of the URI
Signing algorithm is among the allowed set of URI Signing versions
specified by the metadata. If this is not the case, the request is
denied. If the information element is not in the URI, then obtain
the version number in another manner (e.g. configuration, CDNI
metadata or default value).</t>
<t>Extract the value from "MD" if the information element exists
in the query string. The existence of this information element
indicates a symmetric key is used.</t>
<t>Extract the value from "DS" if the information element exists
in the query string. The existence of this information element
indicates an asymmetric key is used.</t>
<t>If neither "MD" or "DS" attribute is in the URI, then no URI
Signature exists and the request is denied. If both the "MD" and
the "DS" information elements are present, the Signed URI is
considered to be malformed and the request is denied.</t>
<t>Extract the value from "UPC" if the information element exists
in the query string. The existence of this information element
indicates content delivery is enforced based on a (set of) URI pattern(s) instead of the Original URI.</t>
<t>Extract the value from "CIP" if the information element exists
in the query string. The existence of this information element
indicates content delivery is enforced based on client IP
address.</t>
<t>Extract the value from "ET" if the information element exists
in the query string. The existence of this information element
indicates content delivery is enforced based on time.</t>
<t>Extract the value from the "KID" or "KID_NUM" information element, if they
exist. The existence of either of these information elements indicates a key
can be referenced. If both the "KID" and the "KID_NUM" information elements are present, the Signed URI is considered to be malformed and the request is denied.</t>
<t>Extract the value from the "HF" information element, if it
exists. The existence of this information element indicates a
different hash function than the default.</t>
<t>Extract the value from the "DSA" information element, if it
exists. The existence of this information element indicates a
different digital signature algorithm than the default.</t>
<t>Extract the value from the "CEA" information element, if it
exists. The existence of this information element indicates a different Client IP Encryption Algorithm than the default.</t>
<t>Extract the value from the "CKI" information element, if it
exists. The existence of this information element indicates a key can be referenced using which the Client IP was encrypted.</t>
</list></t>
</section>
<section title="Signature Validation">
<t>Validate the URI Signature for the Signed URI.</t>
<t>
<list style="numbers">
<t hangText="1.">Copy the Signed URI into a buffer to hold the message for performing the operations below</t>
<t hangText="2.">Remove the "URISigningPackage" attribute from the message.
Remove any subsequent part of the query string after the
"URISigningPackage" attribute.</t>
<t hangText="3.">Append the decoded value from "URISigningPackage" attribute
(which contains all the URI Signing Information Elements).</t>
<t hangText="4.">Extract the value from the "MD" or "DS" information element. This is the received message signature.</t>
<t hangText="5.">Convert the message signature to binary format. This will be used to compare with the computed value later.</t>
<t hangText="6.">Remove the the "MD" or "DS" information elements from the message.</t>
<t hangText="7.">If the buffer contains the UPC information element, skip this step. Append the "&" character to the buffer. Append the Original URI Container (OUC) information element. Append the Original URI to the buffer, except for the scheme part and the '://' delimiter.</t>
<t hangText="8.">Append the "&" character. Append "MD=" or "DS=", depending on which of the two was present in the Signed URI. The message is ready for validation of the message digest (e.g. "example.com/content.mov?ET=1209422976&CIP=90C913977933FC650E7186361A93D6C3&KID=example:keys:123&OUC=example.com/content.mov&MD=").</t>
<t hangText="9.">Based on the presence of either the MD or DS information element in the buffer, validate the message digest or digital signature for symmetric key or asymmetric keys, respectively.
<list style="letters">
<t>For MD, an HMAC algorithm is used.
<list style="numbers">
<t>If either the "KID" or "KID_NUM" information element exists, validate that the key identifier is in the allowable KID set as listed in the CDNI metadata or configuration. The request is denied when the key identifier is not allowed. If neither the "KID" or "KID_NUM" information element is present in the Signed URI, obtain the shared key via CDNI metadata or configuration.</t>
<t>If "HF" information element exists, validate that the
hash function is in the allowable "HF" set as listed in
the CDNI metadata or configuration. The request is denied
when the hash function is not allowed. Otherwise, the "HF"
information element is not in the Signed URI. In this
case, the default hash function is SHA-256.</t>
<t>Compute the message digest using the HMAC algorithm
with the shared key and message as the two inputs to the
hash function.</t>
<t>Compare the result with the received message signature extracted in step 5 to
validate the Signed URI.</t>
</list>
</t>
<t>For DS, a digital signature function is
used.
<list style="numbers">
<t>If either the "KID" or "KID_NUM" information element exists, validate that the key identifier is in the allowable KID set as listed in the CDNI metadata or configuration. The request is denied when the key identifier is not allowed. If neither the "KID" or "KID_NUM" information element is present in the Signed URI, obtain the public key via CDNI metadata or configuration.</t>
<t>If "DSA" information element exists, validate that the
digital signature algorithm is in the allowable "DSA" set
as listed in the CDNI metadata or configuration. The
request is denied when the DSA is not allowed. Otherwise,
the "DSA" information element is not in the Signed URI. In
this case, the default DSA is EC-DSA.</t>
<t>Compute the message digest using SHA-1 (without a key)
for the message.</t>
<t>Verify the digital signature using the digital
signature function (e.g. EC-DSA) with the public key,
received digital signature, and message signature (extracted
in step 5) as inputs. This validates the Signed
URI.</t>
</list>
</t>
</list>
</t>
</list>
</t>
</section>
<section anchor="policy_enforcement" title="Distribution Policy Enforcement">
<t>Note that the absence of a given
Enforcement Information Element indicates enforcement of its purpose
is not necessary in the CSP's distribution policy.
<list style="numbers">
<t>If the "CIP" information element does not exist, this step can be skipped.
<list style="letters">
<t>Obtain the key for decrypting the Client IP, as indicated by the Client IP Key Index information element or set via configuration.</t>
<t>Decrypt the encrypted Client IP address obtained in step 6 using AES-128, or the algorithm specified by the Client IP Encryption Algorithm information element. </t>
<t>Verify, using CIDR matching, that the request came from an IP address within the range indicated by the decrypted Client IP information element. If the IP address is incorrect, the request is denied.</t>
</list>
</t>
<t>If the "ET" information element exists, validate that the
request arrived before expiration time based on the "ET"
information element. If the time expired, then the request is
denied.</t>
<t>If the "UPC" information element exists, validate that the requested resource is in the allowed set by matching the received URI against the URI Pattern Container information element. If there is no match, the request is denied.</t>
</list>
</t>
</section>
</section>
<section anchor="cdni_interfaces"
title="Relationship with CDNI Interfaces">
<t>Some of the CDNI Interfaces need enhancements to support URI Signing.
As an example: A Downstream CDN that supports URI Signing needs to be
able to advertise this capability to the Upstream CDN. The Upstream CDN
needs to select a Downstream CDN based on such capability when the CSP
requires access control to enforce its distribution policy via URI
Signing. Also, the Upstream CDN needs to be able to distribute via the
CDNI Metadata interface the information necessary to allow the
Downstream CDN to validate a Signed URI . Events that pertain to URI
Signing (e.g. request denial or delivery after access authorization)
need to be included in the logs communicated through the CDNI Logging
interface (Editor's Note: Is this within the scope of the CDNI Logging
interface?).</t>
<section anchor="control" title="CDNI Control Interface">
<t>URI Signing has no impact on this interface.</t>
</section>
<section anchor="advertisement"
title="CDNI Footprint & Capabilities Advertisement Interface">
<t>The Downstream CDN advertises its capability to support URI Signing
via the CDNI Footprint & Capabilities Advertisement interface
(FCI). The supported version of URI Signing needs to be included to
allow for future extensibility.</t>
<t>In general, new information elements introduced to enhance URI
Signing requires a draft and a new version.</t>
<t><list>
<t>For Enforcement Information Elements, there is no need to
advertise the based information elements such as "CIP" and
"ET".</t>
<t>For Signature Computation Information Elements:<list>
<t>No need to advertise "VER" Information Element unless it's
not "1". In this case, a draft is needed to describe the new
version.</t>
<t>Advertise value of the "HF" Information Element (i.e.
SHA-256) to indicate support for the hash function; Need IANA
assignment for new hash function.</t>
<t>Advertise value of the "DSA" Information Element (i.e.
EC-DSA) to indicate support for the DSA; Need IANA assignment
for new digital signature algorithm.</t>
<t>Advertise "MD" Information Element (i.e. SHA-256) to
indicate support for symmetric key method; A new draft is
needed for an alternative method.</t>
<t>Advertise "DS" Information Element (i.e. EC-DSA) to
indicate support for asymmetric key method; A new draft is
needed for an alternative method.</t>
</list></t>
<t>For URI Signing Package Attribute, there is no need to
advertise the base attribute.</t>
</list></t>
</section>
<section anchor="redirection"
title="CDNI Request Routing Redirection Interface">
<t>The <xref target="I-D.ietf-cdni-redirection">CDNI Request Routing
Redirection Interface</xref> describes the recursive request
redirection method. For URI Signing, the Upstream CDN signs the URI
provided by the Downstream CDN. This approach has the following
benefits:<list>
<t>Consistency with interative request routing method</t>
<t>URI Signing is fully operational even when Downstream CDN does
not have the signing function (which may be the case when the
Downstream CDN operates only as a delivering CDN)</t>
<t>Upstream CDN can act as a conversion gateway for the requesting
routing interface between Upstream CDN and CSP and request routing
interface between Upstream CDN and Downstream CDN since these two
interfaces may not be the same</t>
</list></t>
</section>
<section anchor="metadata" title="CDNI Metadata Interface">
<t>The <xref target="I-D.ietf-cdni-metadata">CDNI Metadata
Interface</xref> describes the CDNI metadata distribution in order to
enable content acquisition and delivery. For URI Signing, additional
CDNI metadata objects are specified. In general, an Empty set means
"all". These are the CDNI metadata objects used for URI Signing.</t>
<t>The UriSigning Metadata object contains information to enable URI
signing and validation by a dCDN. The UriSigning properties are
defined below.</t>
<t><list style="empty">
<t>Property: enforce<list style="empty">
<t>Description: URI Signing enforcement flag. Specifically,
this flag indicates if the access to content is subject to URI
Signing. URI Signing requires the Downstream CDN to ensure
that the URI must be signed and validated before content
delivery. Otherwise, Downstream CDN does not perform
validation regardless if URI is signed or not.</t>
<t>Type: Boolean</t>
<t>Mandatory-to-Specify: No. If a UriSigning object is present
in the metadata for a piece of content (even if the object is
empty), then URI signing should be enforced. If no UriSigning
object is present in the metadata for a piece of content, then
the URI signature should not be validated.</t>
</list></t>
<t>Property: key-id<list style="empty">
<t>Description: Designated key identifier used for URI Signing
computation when the Signed URI does not contain the Key ID
information element.</t>
<t>Type: String</t>
<t>Mandatory-to-Specify: No. A Key ID is not essential for all
implementations of URI signing.</t>
</list></t>
<t>Property: key-id-set<list style="empty">
<t>Description: Allowable Key ID set that the Signed URI's Key
ID information element can reference.</t>
<t>Type: List of Strings</t>
<t>Mandatory-to-Specify: No. Default is to allow any Key ID.</t>
</list></t>
<t>Property: hash-function<list style="empty">
<t>Description: Designated hash function used for URI Signing
computation when the Signed URI does not contain the Hash
Function information element.</t>
<t>Type: String (limited to the hash function strings in the
registry defined by the <xref target="IANA">IANA
Considerations</xref> section)</t>
<t>Mandatory-to-Specify: No. Default is SHA-256.</t>
</list></t>
<t>Property: hash-function-set<list style="empty">
<t>Description: Allowable Hash Function set that the Signed
URI's Hash Function information element can reference.</t>
<t>Type: List of Strings</t>
<t>Mandatory-to-Specify: No. Default is to allow any hash
function.</t>
</list></t>
<t>Property: digital-signature-algorithm<list style="empty">
<t>Description: Designated digital signature function used for
URI Signing computation when the Signed URI does not contain
the Digital Signature Algorithm information element.</t>
<t>Type: String (limited to the digital signature algorithm
strings in the registry defined by the <xref
target="IANA">IANA Considerations</xref> section).</t>
<t>Mandatory-to-Specify: No. Default is EC-DSA.</t>
</list></t>
<t>Property: digital-signature-algorithm-set<list style="empty">
<t>Description: Allowable digital signature function set that
the Signed URI's Digital Signature Algorithm information
element can reference.</t>
<t>Type: List of Strings</t>
<t>Mandatory-to-Specify: No. Default is to allow any DSA.</t>
</list></t>
<t>Property: version<list style="empty">
<t>Description: Designated version used for URI Signing
computation when the Signed URI does not contain the VER
attribute.</t>
<t>Type: Integer</t>
<t>Mandatory-to-Specify: No. Default is 1.</t>
</list></t>
<t>Property: version-set<list style="empty">
<t>Description: Allowable version set that the Signed URI's
VER attribute can reference.</t>
<t>Type: List of Integers</t>
<t>Mandatory-to-Specify: No. Default is to allow any
version.</t>
</list></t>
<t>Property: package-attribute<list style="empty">
<t>Description: Overwrite the default name for the URL Signing
Package Attribute.</t>
<t>Type: String</t>
<t>Mandatory-to-Specify: No. Default is
"URISigningPackage".</t>
</list></t>
</list></t>
<t>Note that the Key ID information element is not needed if only one
key is provided by the CSP or the Upstream CDN for the content item or
set of content items covered by the CDNI Metadata object. In the case
of asymmetric keys, it's easy for any entity to sign the URI for
content with a private key and provide the public key in the Signed
URI. This just confirms that the URI Signer authorized the delivery.
But it's necessary for the URI Signer to be the content owner. So, the
CDNI Metadata interface or configuration MUST provide the allowable
Key ID set to authorize the Key ID information element embedded in the
Signed URI.</t>
</section>
<section anchor="logging" title="CDNI Logging Interface">
<t>For URI Signing, the Downstream CDN reports that enforcement of the
access control was applied to the request for content delivery. When
the request is denied due to enforcement of URI Signing, the reason is
logged.</t>
<t>The following CDNI Logging field for URI Signing SHOULD be
supported in the HTTP Request Logging Record as specified in <xref
target="I-D.ietf-cdni-logging">CDNI Logging Interface</xref>.</t>
<t><list style="symbols">
<t>s-uri-signing (mandatory): <list>
<t>format: 3DIGIT</t>
<t>field value: this characterises the URI signing validation
performed by the Surrogate on the request. The allowed values
are:<list>
<t>"000" : no URI signature validation performed</t>
<t>"200" : URI signature validation performed and
validated</t>
<t>"400" : URI signature validation performed and
rejected because of incorrect signature</t>
<t>"401" : URI signature validation performed and
rejected because of Expiration Time enforcement</t>
<t>"402" : URI signature validation performed and
rejected because of Client IP enforcement</t>
<t>"403" : URI signature validation performed and
rejected because of URI Pattern enforcement</t>
<t>"500" : unable to perform URI signature validation because of malformed URI</t>
<t>"501" : unable to perform URI signature validation because of unsupported version number</t>
</list></t>
<t>occurrence: there MUST be zero or exactly one instance of
this field.</t>
</list></t>
<t>s-uri-signing-deny-reason (optional): <list>
<t>format: QSTRING</t>
<t>field value: a string for providing further information in case the URI signature was rejected, e.g. for debugging purposes.</t>
<t>occurrence: there MUST be zero or exactly one instance of
this field.</t>
</list></t>
</list></t>
</section>
</section>
<section anchor="operation" title="URI Signing Message Flow">
<t>URI Signing supports both HTTP-based and DNS-based request routing.
<xref target="RFC2104">HMAC</xref> defines a hash-based message
authentication code allowing two parties that share a symmetric key or
asymmetric keys to establish the integrity and authenticity of a set of
information (e.g. a message) through a cryptographic hash function.</t>
<section anchor="http" title="HTTP Redirection">
<t>For HTTP-based request routing, HMAC is applied to a set of
information that is unique to a given end user content request using
key information that is specific to a pair of adjacent CDNI hops (e.g.
between the CSP and the Authoritative CDN, between the Authoritative
CDN and a Downstream CDN). This allows a CDNI hop to ascertain the
authenticity of a given request received from a previous CDNI hop.</t>
<t>The URI signing scheme described below is based on the following
steps (assuming HTTP redirection, iterative request routing and a CDN
path with two CDNs). Note that Authoritative CDN and Upstream CDN are
used exchangeably.</t>
<figure title="Figure 3: HTTP-based Request Routing with URI Signing">
<artwork><![CDATA[
End-User dCDN uCDN CSP
| | | |
| 1.CDNI FCI interface used to | |
| advertise URI Signing capability| |
| |------------------->| |
| | | |
| 2.Provides information to validate URI signature|
| | |<-------------------|
| | | |
| 3.CDNI Metadata interface used to| |
| provide URI Signing attributes| |
| |<-------------------| |
|4.Authorization request | |
|------------------------------------------------------------->|
| | | [Apply distribution
| | | policy] |
| | | |
| | (ALT: Authorization decision)
|5.Request is denied | | <Negative> |
|<-------------------------------------------------------------|
| | | |
|6.CSP provides signed URI | <Positive> |
|<-------------------------------------------------------------|
| | | |
|7.Content request | | |
|---------------------------------------->| [Validate URI |
| | | signature] |
| | | |
| | (ALT: Validation result) |
|8.Request is denied | <Negative>| |
|<----------------------------------------| |
| | | |
|9.Re-sign URI and redirect to <Positive>| |
| dCDN (newly signed URI) | |
|<----------------------------------------| |
| | | |
|10.Content request | | |
|------------------->| [Validate URI | |
| | signature] | |
| | | |
| (ALT: Validation result) | |
|11.Request is denied| <Negative> | |
|<-------------------| | |
| | | |
|12.Content delivery | <Positive> | |
|<-------------------| | |
: : : :
: (Later in time) : : :
|13.CDNI Logging interface to include URI Signing information |
| |------------------->| |]]></artwork>
</figure>
<t><list style="numbers">
<t>Using the CDNI Footprint & Capabilities Advertisement
interface, the Downstream CDN advertises its capabilities
including URI Signing support to the Authoritative CDN.</t>
<t>CSP provides to the Authoritative CDN the information needed to
validate URI signatures from that CSP. For example, this
information may include a hashing function, algorithm, and a key
value.</t>
<t>Using the CDNI Metadata interface, the Authoritative CDN
communicates to a Downstream CDN the information needed to
validate URI signatures from the Authoritative CDN for the given
CSP. For example, this information may include the URI query
string parameter name for the URI Signing Package Attribute, a
hashing algorithm and/or a key corresponding to the trust
relationship between the Authoritative CDN and the Downstream
CDN.</t>
<t>When a UA requests a piece of protected content from the CSP,
the CSP makes a specific authorization decision for this unique
request based on its arbitrary distribution policy</t>
<t>If the authorization decision is negative, the CSP rejects the
request.</t>
<t>If the authorization decision is positive, the CSP computes a
Signed URI that is based on unique parameters of that request and
conveys it to the end user as the URI to use to request the
content.</t>
<t>On receipt of the corresponding content request, the
authoritative CDN validates the URI Signature in the URI using the
information provided by the CSP.</t>
<t>If the validation is negative, the authoritative CDN rejects
the request</t>
<t>If the validation is positive, the authoritative CDN computes a
Signed URI that is based on unique parameters of that request and
provides to the end user as the URI to use to further request the
content from the Downstream CDN</t>
<t>On receipt of the corresponding content request, the Downstream
CDN validates the URI Signature in the Signed URI using the
information provided by the Authoritative CDN in the CDNI
Metadata</t>
<t>If the validation is negative, the Downstream CDN rejects the
request and sends an error code (e.g. 403) in the HTTP
response.</t>
<t>If the validation is positive, the Downstream CDN serves the
request and delivers the content.</t>
<t>At a later time, Downstream CDN reports logging events that
includes URI signing information.</t>
</list></t>
<t>With HTTP-based request routing, URI Signing matches well the
general chain of trust model of CDNI both with symmetric key and
asymmetric keys because the key information only need to be specific
to a pair of adjacent CDNI hops.</t>
</section>
<section anchor="dns" title="DNS Redirection">
<t>For DNS-based request routing, the CSP and Authoritative CDN must
agree on a trust model appropriate to the security requirements of the
CSP's particular content. Use of asymmetric public/private keys allows
for unlimited distribution of the public key to Downstream CDNs.
However, if a shared secret key is preferred, then the CSP may want to
restrict the distribution of the key to a (possibly empty) subset of
trusted Downstream CDNs. Authorized Delivery CDNs need to obtain the
key information to validate the Signed UR, which is computed by the
CSP based on its distribution policy.</t>
<t>The URI signing scheme described below is based on the following
steps (assuming iterative DNS request routing and a CDN path with two
CDNs). Note that Authoritative CDN and Upstream CDN are used
exchangeably.</t>
<figure title="Figure 4: DNS-based Request Routing with URI Signing">
<artwork><![CDATA[
End-User dCDN uCDN CSP
| | | |
| 1.CDNI FCI interface used to | |
| advertise URI Signing capability| |
| |------------------->| |
| | | |
| 2.Provides information to validate URI signature|
| | |<-------------------|
| 3.CDNI Metadata interface used to| |
| provide URI Signing attributes| |
| |<-------------------| |
|4.Authorization request | |
|------------------------------------------------------------->|
| | | [Apply distribution
| | | policy] |
| | | |
| | (ALT: Authorization decision)
|5.Request is denied | | <Negative> |
|<-------------------------------------------------------------|
| | | |
|6.Provides signed URI | <Positive> |
|<-------------------------------------------------------------|
| | | |
|7.DNS request | | |
|---------------------------------------->| |
| | | |
|8.Redirect DNS to dCDN | |
|<----------------------------------------| |
| | | |
|9.DNS request | | |
|------------------->| | |
| | | |
|10.IP address of Surrogate | |
|<-------------------| | |
| | | |
|11.Content request | | |
|------------------->| [Validate URI | |
| | signature] | |
| | | |
| (ALT: Validation result) | |
|12.Request is denied| <Negative> | |
|<-------------------| | |
| | | |
|13.Content delivery | <Positive> | |
|<-------------------| | |
: : : :
: (Later in time) : : :
|14.CDNI Logging interface to report URI Signing information |
| |------------------->| |
]]></artwork>
</figure>
<t><list style="numbers">
<t>Using the CDNI Footprint & Capabilities Advertisement
interface, the Downstream CDN advertises its capabilities
including URI Signing support to the Authoritative CDN.</t>
<t>CSP provides to the Authoritative CDN the information needed to
validate cryptographic signatures from that CSP. For example, this
information may include a hash function, algorithm, and a key.</t>
<t>Using the CDNI Metadata interface, the Authoritative CDN
communicates to a Downstream CDN the information needed to
validate cryptographic signatures from the CSP (e.g. the URI query
string parameter name for the URI Signing Package Attribute). In
the case of symmetric key, the Authoritative CDN checks if the
Downstream CDN is allowed by CSP to obtain the shared secret
key.</t>
<t>When a UA requests a piece of protected content from the CSP,
the CSP makes a specific authorization decision for this unique
request based on its arbitrary distribution policy.</t>
<t>If the authorization decision is negative, the CSP rejects the
request</t>
<t>If the authorization decision is positive, the CSP computes a
cryptographic signature that is based on unique parameters of that
request and includes it in the URI provided to the end user to
request the content.</t>
<t>End user sends DNS request to the authoritative CDN.</t>
<t>On receipt of the DNS request, the authoritative CDN redirects
the request to the Downstream CDN.</t>
<t>End user sends DNS request to the Downstream CDN.</t>
<t>On receipt of the DNS request, the Downstream CDN responds with
IP address of one of its Surrogates.</t>
<t>On receipt of the corresponding content request, the Downstream
CDN validates the cryptographic signature in the URI using the
information provided by the Authoritative CDN in the CDNI
Metadata</t>
<t>If the validation is negative, the Downstream CDN rejects the
request and sends an error code (e.g. 403) in the HTTP
response.</t>
<t>If the validation is positive, the Downstream CDN serves the
request and delivers the content.</t>
<t>At a later time, Downstream CDN reports logging events that
includes URI signing information.</t>
</list></t>
<t>With DNS-based request routing, URI Signing matches well the
general chain of trust model of CDNI when used with asymmetric keys
because the only key information that need to be distributed across
multiple CDNI hops including non-adjacent hops is the public key, that
is generally not confidential.</t>
<t>With DNS-based request routing, URI Signing does not match well the
general chain of trust model of CDNI when used with symmetric keys
because the symmetric key information needs to be distributed across
multiple CDNI hops including non-adjacent hops. This raises a security
concern for applicability of URI Signing with symmetric keys in case
of DNS-based inter-CDN request routing.</t>
</section>
</section>
<section title="HTTP Adaptive Streaming">
<t>The authors note that in order to perform URI signing for individual
content segments of HTTP Adaptive Bitrate content, specific URI signing
mechanisms are needed. Such mechanisms are currently out-of-scope of
this document. More details on this topic is covered in <xref
target="RFC6983">Models for HTTP-Adaptive-Streaming-Aware CDNI</xref>.
[Editor note: DASH draft discussion]</t>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>[Editor's note: (Is there a need to) register default value for URI
Signing Package Attribute URI query string parameter name (i.e.
URISigningPackage) to be used for URI Signing? Need anything from
IANA?]</t>
<t>[Editor's note: To do: Convert to proper IANA Registry format]</t>
<t>This document requests IANA to create three new URI Signing
registries for the Information Elements and their defined values to be
used for URI Signing.</t>
<t>The following Enforcement Information Element names are
allocated:<list style="symbols">
<t>ET (Expiry time)</t>
<t>CIP (Client IP address)</t>
</list></t>
<t>The following Signature Computation Information Element names are
allocated:<list style="symbols">
<t>VER (Version): 1 (Base)</t>
<t>KID (Key ID)</t>
<t>KID_NUM (Numerical Key ID)</t>
<t>HF (Hash Function): "SHA-256"</t>
<t>DSA (Digital Signature Algorithm): "EC-DSA"</t>
</list></t>
<t>The following URI Signature Information Element names are
allocated:<list style="symbols">
<t>MD (Message Digest for Symmetric Key)</t>
<t>DS (Digital Signature for Asymmetric Keys)</t>
</list></t>
<t>The IANA is requested to allocate a new entry to the CDNI Logging
Field Names Registry as specified in <xref
target="I-D.ietf-cdni-logging">CDNI Logging Interface</xref> in
accordance to the "Specification Required" policy <xref
target="RFC5226"/><list style="symbols">
<t>s-uri-signing</t>
<t>s-uri-signing-deny-reason</t>
</list></t>
<t>The IANA is requested to allocate a new entry to the "CDNI
GenericMetadata Types" Registry as specified in <xref
target="I-D.ietf-cdni-metadata">CDNI Metadata Interface</xref> in
accordance to the "Specification Required" policy <xref
target="RFC5226"/>:</t>
<texttable>
<ttcol align="left">Type name</ttcol>
<ttcol align="left">Specification</ttcol>
<ttcol align="left">Version</ttcol>
<ttcol align="left">MTE</ttcol>
<ttcol align="left">STR</ttcol>
<c>UriSigning</c>
<c>RFCthis</c>
<c>1</c>
<c>true</c>
<c>true</c>
</texttable>
<t>The IANA is also requested to allocate a new MIME type under the IANA
MIME Media Type registry for the UriSigning metadata object:<list
style="empty">
<t>application/cdni.UriSigning.v1</t>
</list></t>
</section>
<section anchor="security" title="Security Considerations">
<t>This document describes the concept of URI Signing and how it can be
used to provide access authorization in the case of interconnected CDNs
(CDNI). The primary goal of URI Signing is to make sure that only
authorized UAs are able to access the content, with a Content Service
Provider (CSP) being able to authorize every individual request. It
should be noted that URI Signing is not a content protection scheme; if
a CSP wants to protect the content itself, other mechanisms, such as
DRM, are more appropriate.</t>
<t>In general, it holds that the level of protection against
illegitimate access can be increased by including more Enforcement
Information Elements in the URI. The current version of this document
includes elements for enforcing Client IP Address and Expiration Time,
however this list can be extended with other, more complex, attributes
that are able to provide some form of protection against some of the
vulnerabilities highlighted below.</t>
<t>That said, there are a number of aspects that limit the level of
security offered by URI signing and that anybody implementing URI
signing should be aware of.</t>
<t><list>
<t>Replay attacks: Any (valid) Signed URI can be used to perform
replay attacks. The vulnerability to replay attacks can be reduced
by picking a relatively short window for the Expiration Time
attribute, although this is limited by the fact that any HTTP-based
request needs a window of at least a couple of seconds to prevent
any sudden network issues from preventing legitimate UAs access to
the content. One way to reduce exposure to replay attacks is to
include in the URI a unique one-time access ID. Whenever the
Downstream CDN receives a request with a given unique access ID, it
adds that access ID to the list of 'used' IDs. In the case an
illegitimate UA tries to use the same URI through a replay attack,
the Downstream CDN can deny the request based on the already-used
access ID.</t>
<t>Illegitimate client behind a NAT: In cases where there are
multiple users behind the same NAT, all users will have the same IP
address from the point of view of the Downstream CDN. This results
in the Downstream CDN not being able to distinguish between the
different users based on Client IP Address and illegitimate users
being able to access the content. One way to reduce exposure to this
kind of attack is to not only check for Client IP but also for other
attributes that can be found in the HTTP headers.</t>
</list></t>
<t>The shared key between CSP and Authoritative CDN may be distributed
to Downstream CDNs - including cascaded CDNs. Since this key can be used
to legitimately sign a URL for content access authorization, it's important to know the implications of a compromised shared key.</t>
<t>In the case where asymmetric keys are used, the KID information element might contain the URL to the public key. To prevent malicious clients from signing their own URIs and inserting the associated public key URL in the KID field, thereby passing URI validation, it is important that CDNs check whether the URI conveyed in the KID field is in the allowable set of KIDs as listed in the CDNI metadata or set via configuration.</t>
</section>
<section title="Privacy">
<t>The privacy protection concerns described in <xref target="I-D.ietf-cdni-logging">CDNI Logging Interface</xref> apply when the client's IP address (CIP attribute) is embedded in the Signed URI. For this reason, the mechanism described in <xref target="signing_uri"/> encrypts the Client IP before including it in the URI Signing Package (and thus the URL itself).</t>
</section>
<section title="Acknowledgements">
<t>The authors would like to thank the following people for their
contributions in reviewing this document and providing feedback: Scott
Leibrand, Kevin Ma, Ben Niven-Jenkins, Thierry Magnien, Dan York,
Bhaskar Bhupalam, Matt Caulfield, Samuel Rajakumar, Iuniana Oprescu,
Leif Hedstrom and Phil Sorber. In addition, Matt Caulfield provided content for the CDNI
Metadata Interface section.</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='reference.RFC.2119'?>
<?rfc include='reference.RFC.6707'?>
<?rfc include='reference.RFC.5226'?>
<?rfc include='reference.I-D.ietf-cdni-logging'?>
</references>
<references title="Informative References">
<?rfc include='reference.RFC.3986'?>
<?rfc include='reference.RFC.7336'?>
<?rfc include='reference.RFC.7337'?>
<?rfc include='reference.I-D.ietf-cdni-metadata'?>
<?rfc include='reference.I-D.ietf-cdni-redirection'?>
<?rfc include='reference.RFC.5952'?>
<?rfc include='reference.RFC.4648'?>
<?rfc include='reference.RFC.2104'?>
<?rfc include='reference.RFC.6983'?>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 01:26:23 |