Re: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]

Dear Yingjie,

I think the problem of redistributed ALTO-information is not so easy, some comments below.

> --  "However, there is no mean for the peers to verify whether the
> information provided is actually intended
>    for their usage nor if the information is actually accurate at their
> current topological position in the Internet "
>
> Surely, it's very important to verify the usage and the origination of
> the
> redistributed information.
> I don't think accurate information needs to be redistributed.
> Actually, there are kinds of general information that are suitable and
> helpful to be redistributed.
> E.g. kinds of cost between a particular PID and other PIDs is useful to
> all
> the peers in the particular PID.
> What we should do is to guarantee that general information is
> redistributed
> within the PID area(maybe multicast) or to guarantee that peer only
> request
> its PID general information.
Agreed, there may be certain use-cases where redistribution may not be problematic. But consider the case where certain information provided by an ALTO-server is _relative_ to that ALTO-server's location in the network. If such information gets redistributed, an ALTO-client not being aware of the original ALTO-server's location may misinterpret this information. In other words, by redistributing guidance information, its original semantic might be disguised. I think this is the problem being addressed in Martin's draft and specifically in the quote above.

> ---"First of all does this require public/private key pair, where the
> public
> key is known to each peer and a trusted third party is required.  These
> requirements are possible to be fulfilled in certain deployments but
> are not
> in the general Internet deployment case, which in turn limits the
> applicability of this protocol.  Second, the receiving peer needs to
> contact
> the ALTO server at least once to obtain the public key part, or it does
> need
> to contact another server that provides the public key pair."
> 
> First, Redistribution can be an optional part of the protocol, ALTO
> server
> can decide whether redistribution is adopted according to internet
> environment. Second, peer can contact CA, instead of ALTO server, to
> obtain
> a public key. In P2PSIP-reload, each peer owns a certificate and every
> peer
> can contact the CA to authenticate the certificate of other peer.
> Reload
> regards this an acceptable workload to CA. I think the frequence of
> obtaining public key from ALTO server is much fewer than the
> authentication
> in Reload. So that may be not a probolem.
> Whatever, the real workload depends on how we design the redistribution
> mechanism.
Indeed, a CA-hierarchy is the technical solution. However, practically it is not always the case that two hosts on the Internet share a trusted third party, and certainly there is no overall Internet-wide CA hierarchy trusted by all hosts. In P2PSIP-RELOAD, the assumption is that there is an enrollment server, i.e., a certificate authority which certifies identities in the P2P-network (DHT). In other words, any peer who wants to join the P2PSIP network has to enroll with this identity certification service. I do not think that is a reasonable assumption for ALTO and I think this was the point in the quote above.

 - Jan

> -----Original Message-----
> From: alto-bounces@ietf.org [mailto:alto-bounces@ietf.org] On Behalf Of
> Y.J. Gu
> Sent: Mittwoch, 12. August 2009 11:52
> To: 'alto'
> Subject: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-
> 00]
> 
> I'm very glad that at last someone notice redistribution.
> 
> I'm not totally agree with some opinions in the draft.
> 
> --  "However, there is no mean for the peers to verify whether the
> information provided is actually intended
>    for their usage nor if the information is actually accurate at their
> current topological position in the Internet "
> 
> Surely, it's very important to verify the usage and the origination of
> the
> redistributed information.
> I don't think accurate information needs to be redistributed.
> Actually, there are kinds of general information that are suitable and
> helpful to be redistributed.
> E.g. kinds of cost between a particular PID and other PIDs is useful to
> all
> the peers in the particular PID.
> What we should do is to guarantee that general information is
> redistributed
> within the PID area(maybe multicast) or to guarantee that peer only
> request
> its PID general information.
> 
> ---"First of all does this require public/private key pair, where the
> public
> key is known to each peer and a trusted third party is required.  These
> requirements are possible to be fulfilled in certain deployments but
> are not
> in the general Internet deployment case, which in turn limits the
> applicability of this protocol.  Second, the receiving peer needs to
> contact
> the ALTO server at least once to obtain the public key part, or it does
> need
> to contact another server that provides the public key pair."
> 
> First, Redistribution can be an optional part of the protocol, ALTO
> server
> can decide whether redistribution is adopted according to internet
> environment. Second, peer can contact CA, instead of ALTO server, to
> obtain
> a public key. In P2PSIP-reload, each peer owns a certificate and every
> peer
> can contact the CA to authenticate the certificate of other peer.
> Reload
> regards this an acceptable workload to CA. I think the frequence of
> obtaining public key from ALTO server is much fewer than the
> authentication
> in Reload. So that may be not a probolem.
> Whatever, the real workload depends on how we design the redistribution
> mechanism.
> 
> 
> 
> Regards
> 
> Yingjie Gu
> 
> 
> 
> _______________________________________________
> alto mailing list
> alto@ietf.org
> https://www.ietf.org/mailman/listinfo/alto