IETF Logo Mail Archive

Re: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]

"Jan Seedorf" <Jan.Seedorf@nw.neclab.eu> Fri, 14 August 2009 09:48 UTC

Return-Path: <Jan.Seedorf@nw.neclab.eu>
X-Original-To: alto@core3.amsl.com
Delivered-To: alto@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74E213A6867 for <alto@core3.amsl.com>; Fri, 14 Aug 2009 02:48:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[AWL=0.334, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ddise71JWXCp for <alto@core3.amsl.com>; Fri, 14 Aug 2009 02:48:00 -0700 (PDT)
Received: from smtp0.neclab.eu (smtp0.neclab.eu [195.37.70.41]) by core3.amsl.com (Postfix) with ESMTP id 392CF3A67F4 for <alto@ietf.org>; Fri, 14 Aug 2009 02:48:00 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp0.neclab.eu (Postfix) with ESMTP id 825152C0004DE; Fri, 14 Aug 2009 11:46:19 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas2.office)
Received: from smtp0.neclab.eu ([127.0.0.1]) by localhost (atlas2.office [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SRNlhaTxkY+e; Fri, 14 Aug 2009 11:46:19 +0200 (CEST)
Received: from VENUS.office (mx1.office [192.168.24.3]) by smtp0.neclab.eu (Postfix) with ESMTP id 596692C0004DB; Fri, 14 Aug 2009 11:46:09 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Fri, 14 Aug 2009 11:46:08 +0200
Message-ID: <B94940C43117794C9432FF5FF0CCB506BE51B6@VENUS.office>
In-Reply-To: <002f01ca1bca$094ee6b0$400ca40a@china.huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]
Thread-Index: AcoRI5l7gfCJyM9zTuChHjMI8pdj3gIkB7XwAFwmxmAADkh3cAAYN9BAAEEEWNA=
References: <B94940C43117794C9432FF5FF0CCB506BE506E@VENUS.office> <002f01ca1bca$094ee6b0$400ca40a@china.huawei.com>
From: Jan Seedorf <Jan.Seedorf@nw.neclab.eu>
To: "Y.J. Gu" <guyingjie@huawei.com>, alto <alto@ietf.org>
Subject: Re: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/alto>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2009 09:48:01 -0000

Dear Yingjie,

> I think "Redistribution" should not be unlimited.
How do you want to limit redistribution in practice, i.e., how do you want to enforce such a limitation?

> Second, redistributed information must include accurate ALTO SERVER
> INFORMATION, e.g. network position or name, and what kind of
> information it
> is, so that client can judge the usage of the information.
> Last but not least, client must cognize his ALTO SERVER INFORMATION and
> share a unified information description language among all clients, at
> least
> those in one application swarm.
I agree, but in addition it is also very important that the redistributed ALTO information includes the input parameters which where the basis for generating the ALTO information.


> Instead of an overall trusted third party, a dedicated CA for a
> particular
> network position, neither too small nor too big, will work.
> Applications can
> make their clients cognize the dedicated CA as they notice clients
> about
> dedicated ALTO servers.
Yes, that can work, but especially if you consider mobility of clients it will not always work.

Also, currently the WG is discussing ALTO discovery. That means that ALTO clients most probably will not have the location of ALTO servers "hardcoded" in their implementation. However, to boostrap a CA hierarchy of trust, the public key of a Root-CA needs to be available to the client. I do not believe in PKI set-up by users nor certificate management by users (think of certificate error messages in today's web-browsers, which btw have a certificate of a Root-CA hardcoded in their implementation).

All I am saying is that it works fine in theory but is not so easy in practice...

 - Jan


> -----Original Message-----
> From: Y.J. Gu [mailto:guyingjie@huawei.com]
> Sent: Donnerstag, 13. August 2009 05:56
> To: Jan Seedorf; 'alto'
> Subject: RE: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-
> redist-00]
> 
> Hi Jan,
> See in line pls.
> 
> Regards
> 
> Yingjie Gu
> 
> 
> 
> > -----Original Message-----
> > From: Jan Seedorf [mailto:Jan.Seedorf@nw.neclab.eu]
> > Sent: Wednesday, August 12, 2009 11:15 PM
> > To: Y.J. Gu; alto
> > Subject: RE: [alto] [ALTO] Comments on
> > [draft-stiemerling-alto-info-redist-00]
> >
> > Dear Yingjie,
> >
> > I think the problem of redistributed ALTO-information is not
> > so easy, some comments below.
> 
> > Agreed, there may be certain use-cases where redistribution
> > may not be problematic. But consider the case where certain
> > information provided by an ALTO-server is _relative_ to that
> > ALTO-server's location in the network. If such information
> > gets redistributed, an ALTO-client not being aware of the
> > original ALTO-server's location may misinterpret this
> > information. In other words, by redistributing guidance
> > information, its original semantic might be disguised. I
> > think this is the problem being addressed in Martin's draft
> > and specifically in the quote above.
> >
> 
> I think "Redistribution" should not be unlimited.
> First of all, not all information is redistributed.
> Second, redistributed information must include accurate ALTO SERVER
> INFORMATION, e.g. network position or name, and what kind of
> information it
> is, so that client can judge the usage of the information.
> Last but not least, client must cognize his ALTO SERVER INFORMATION and
> share a unified information description language among all clients, at
> least
> those in one application swarm.
> Richard Alimi gave excellent examples in his email. Of course, there
> maybe
> other methods.
> By this mean, client can find suitable redistributed information.
> 
> > Indeed, a CA-hierarchy is the technical solution. However,
> > practically it is not always the case that two hosts on the
> > Internet share a trusted third party, and certainly there is
> > no overall Internet-wide CA hierarchy trusted by all hosts.
> > In P2PSIP-RELOAD, the assumption is that there is an
> > enrollment server, i.e., a certificate authority which
> > certifies identities in the P2P-network (DHT). In other
> > words, any peer who wants to join the P2PSIP network has to
> > enroll with this identity certification service. I do not
> > think that is a reasonable assumption for ALTO and I think
> > this was the point in the quote above.
> >
> >  - Jan
> 
> Instead of an overall trusted third party, a dedicated CA for a
> particular
> network position, neither too small nor too big, will work.
> Applications can
> make their clients cognize the dedicated CA as they notice clients
> about
> dedicated ALTO servers.

v2.23.0 | Report a Bug | By Email