Re: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]
"Jan Seedorf" <Jan.Seedorf@nw.neclab.eu> Wed, 12 August 2009 15:17 UTC
Return-Path: <Jan.Seedorf@nw.neclab.eu>
X-Original-To: alto@core3.amsl.com
Delivered-To: alto@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1FD433A6AD0 for <alto@core3.amsl.com>; Wed, 12 Aug 2009 08:17:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.945
X-Spam-Level:
X-Spam-Status: No, score=-1.945 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599, J_CHICKENPOX_45=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTw3Dr-Tesy4 for <alto@core3.amsl.com>; Wed, 12 Aug 2009 08:17:30 -0700 (PDT)
Received: from smtp0.neclab.eu (smtp0.neclab.eu [195.37.70.41]) by core3.amsl.com (Postfix) with ESMTP id CA6923A67D9 for <alto@ietf.org>; Wed, 12 Aug 2009 08:17:29 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp0.neclab.eu (Postfix) with ESMTP id 730BE2C00C51F; Wed, 12 Aug 2009 17:15:22 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas2.office)
Received: from smtp0.neclab.eu ([127.0.0.1]) by localhost (atlas2.office [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQTAJRhyBS+4; Wed, 12 Aug 2009 17:15:22 +0200 (CEST)
Received: from VENUS.office (mx1.office [192.168.24.3]) by smtp0.neclab.eu (Postfix) with ESMTP id 47D092C0003DC; Wed, 12 Aug 2009 17:15:12 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 12 Aug 2009 17:15:11 +0200
Message-ID: <B94940C43117794C9432FF5FF0CCB506BE506E@VENUS.office>
In-Reply-To: <004901ca1b32$80d94d80$400ca40a@china.huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]
Thread-Index: AcoRI5l7gfCJyM9zTuChHjMI8pdj3gIkB7XwAFwmxmAADkh3cA==
References: <008c01ca1a63$0783e7d0$0f0ca40a@china.huawei.com> <004901ca1b32$80d94d80$400ca40a@china.huawei.com>
From: Jan Seedorf <Jan.Seedorf@nw.neclab.eu>
To: "Y.J. Gu" <guyingjie@huawei.com>, alto <alto@ietf.org>
Subject: Re: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/alto>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2009 15:17:31 -0000
Dear Yingjie, I think the problem of redistributed ALTO-information is not so easy, some comments below. > -- "However, there is no mean for the peers to verify whether the > information provided is actually intended > for their usage nor if the information is actually accurate at their > current topological position in the Internet " > > Surely, it's very important to verify the usage and the origination of > the > redistributed information. > I don't think accurate information needs to be redistributed. > Actually, there are kinds of general information that are suitable and > helpful to be redistributed. > E.g. kinds of cost between a particular PID and other PIDs is useful to > all > the peers in the particular PID. > What we should do is to guarantee that general information is > redistributed > within the PID area(maybe multicast) or to guarantee that peer only > request > its PID general information. Agreed, there may be certain use-cases where redistribution may not be problematic. But consider the case where certain information provided by an ALTO-server is _relative_ to that ALTO-server's location in the network. If such information gets redistributed, an ALTO-client not being aware of the original ALTO-server's location may misinterpret this information. In other words, by redistributing guidance information, its original semantic might be disguised. I think this is the problem being addressed in Martin's draft and specifically in the quote above. > ---"First of all does this require public/private key pair, where the > public > key is known to each peer and a trusted third party is required. These > requirements are possible to be fulfilled in certain deployments but > are not > in the general Internet deployment case, which in turn limits the > applicability of this protocol. Second, the receiving peer needs to > contact > the ALTO server at least once to obtain the public key part, or it does > need > to contact another server that provides the public key pair." > > First, Redistribution can be an optional part of the protocol, ALTO > server > can decide whether redistribution is adopted according to internet > environment. Second, peer can contact CA, instead of ALTO server, to > obtain > a public key. In P2PSIP-reload, each peer owns a certificate and every > peer > can contact the CA to authenticate the certificate of other peer. > Reload > regards this an acceptable workload to CA. I think the frequence of > obtaining public key from ALTO server is much fewer than the > authentication > in Reload. So that may be not a probolem. > Whatever, the real workload depends on how we design the redistribution > mechanism. Indeed, a CA-hierarchy is the technical solution. However, practically it is not always the case that two hosts on the Internet share a trusted third party, and certainly there is no overall Internet-wide CA hierarchy trusted by all hosts. In P2PSIP-RELOAD, the assumption is that there is an enrollment server, i.e., a certificate authority which certifies identities in the P2P-network (DHT). In other words, any peer who wants to join the P2PSIP network has to enroll with this identity certification service. I do not think that is a reasonable assumption for ALTO and I think this was the point in the quote above. - Jan > -----Original Message----- > From: alto-bounces@ietf.org [mailto:alto-bounces@ietf.org] On Behalf Of > Y.J. Gu > Sent: Mittwoch, 12. August 2009 11:52 > To: 'alto' > Subject: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist- > 00] > > I'm very glad that at last someone notice redistribution. > > I'm not totally agree with some opinions in the draft. > > -- "However, there is no mean for the peers to verify whether the > information provided is actually intended > for their usage nor if the information is actually accurate at their > current topological position in the Internet " > > Surely, it's very important to verify the usage and the origination of > the > redistributed information. > I don't think accurate information needs to be redistributed. > Actually, there are kinds of general information that are suitable and > helpful to be redistributed. > E.g. kinds of cost between a particular PID and other PIDs is useful to > all > the peers in the particular PID. > What we should do is to guarantee that general information is > redistributed > within the PID area(maybe multicast) or to guarantee that peer only > request > its PID general information. > > ---"First of all does this require public/private key pair, where the > public > key is known to each peer and a trusted third party is required. These > requirements are possible to be fulfilled in certain deployments but > are not > in the general Internet deployment case, which in turn limits the > applicability of this protocol. Second, the receiving peer needs to > contact > the ALTO server at least once to obtain the public key part, or it does > need > to contact another server that provides the public key pair." > > First, Redistribution can be an optional part of the protocol, ALTO > server > can decide whether redistribution is adopted according to internet > environment. Second, peer can contact CA, instead of ALTO server, to > obtain > a public key. In P2PSIP-reload, each peer owns a certificate and every > peer > can contact the CA to authenticate the certificate of other peer. > Reload > regards this an acceptable workload to CA. I think the frequence of > obtaining public key from ALTO server is much fewer than the > authentication > in Reload. So that may be not a probolem. > Whatever, the real workload depends on how we design the redistribution > mechanism. > > > > Regards > > Yingjie Gu > > > > _______________________________________________ > alto mailing list > alto@ietf.org > https://www.ietf.org/mailman/listinfo/alto
- [alto] ALTO Server Discovery Matthias Waehlisch
- [alto] Is there meeting minutes for ALTO, IETF 75? Y.J. Gu
- Re: [alto] Is there meeting minutes for ALTO, IET… Enrico Marocco
- Re: [alto] Is there meeting minutes for ALTO, IET… Y.J. Gu
- Re: [alto] ALTO Server Discovery Song Haibin
- [alto] [ALTO] Comments on [draft-stiemerling-alto… Y.J. Gu
- Re: [alto] [ALTO] Comments on [draft-stiemerling-… Jan Seedorf
- Re: [alto] [ALTO] Comments on [draft-stiemerling-… Richard Alimi
- Re: [alto] [ALTO] Comments on [draft-stiemerling-… Y.J. Gu
- Re: [alto] [ALTO] Comments on[draft-stiemerling-a… Jan Seedorf
- Re: [alto] [ALTO] Comments on [draft-stiemerling-… Jan Seedorf