Re: [p2prg] Comments to draft-schulzrinne-p2prg-rtc-security-00
Song Haibin <melodysong@huawei.com> Wed, 15 April 2009 03:23 UTC
Date: Wed, 15 Apr 2009 11:25:02 +0800
From: Song Haibin <melodysong@huawei.com>
To: 'Enrico Marocco' <enrico.marocco@telecomitalia.it>
Cc: p2prg@ietf.org

Enrico,

>-----Original Message-----
>From: Enrico Marocco [mailto:enrico.marocco@telecomitalia.it]
>Sent: Tuesday, April 14, 2009 8:44 PM
>To: Song Haibin
>Cc: p2prg@ietf.org
>Subject: Re: [p2prg] Comments to draft-schulzrinne-p2prg-rtc-security-00
>
>Thanks for an accurate review, Haibin, we'll integrate your
>comments in the next version of the draft. A few notes inline.
>
>Song Haibin wrote:
>> 1. In Section 1, paragraph 1, "P2P networks are now also being used
>> for applications such as Voice over IP (VoIP) [SKYPE] [Singh] and
>> television [JOOST] [COOLSTREAM]."
>>
>> [Haibin] As far as I know, Joost has just changed its basic P2P system
>> architecture and turned to client/server architecture. It's better to
>> remove this reference.
>
>Yes, indeed, probably now PPLive is a better example of P2P
>systems for realtime content delivery.

Good example.

>> 2. Section 2.1 Incentive of attacker
>>
>> [Haibin] I could give some additional common incentives of attackers.
>> For example, some attacks are motivated by the business competition or
>> for selling security products. E.g., I heard some firewall product
>> companies usually attack some company's network, and tell them their
>> network is not safe, so that they could sell them firewalls. Attacks
>> due to competition are also common cases. These kinds of attacks may
>> happen to p2p overlays.
>
>While it is arguably a real issue in C/S scenarios, I'm not
>sure who, in a P2P system, could be the target customer of
>such security solutions.
>Maybe you are thinking of sort of a hybrid model, but the case
>of some company selling a security product for an application
>distributed by another company doesn't seem much realistic.

I guess any peers located in a victim company could be the target of such attack, if the p2p application is open on the internet.
However, I don't have a real example at my hand for such attack incentive in p2p applications, but for c/s scenarios, google can give many good real examples.

>OTOH I agree that competition could be a real incentive.
>
>> 5. In Section 5.1.2, Reactive identification, "In a file-sharing
>> application for example, after downloading content from a node, if the
>> peer observes that data does not match its original query it can
>> identify the corresponding node as malicious."
>>
>> [Haibin] It is hard to determine which node is the malicious node in
>> this context. But at least this content in this node can be marked
>> with "malicious", or this node can be marked with "suspicious".
>
>Identification of malicious peers is actually a very complex
>topic, subject itself of many possible attacks. The example in
>section 5.1.2, surely over-simplistic, has the only intent to
>pass to the reader a quick image of the reactive approach, but
>it is of course far from a real solution.
>
>> 7. In section 7.1.2 When to upgrade
>>
>> [Haibin] It lists some information to determine the peer load, e.g.
>> number of clients attached, bandwidth usage for DHT maintenance,
>> memory usage for DHT routing table. I hope p2psip diagnostics
>> (draft-ietf-p2psip-diagnostics) mechanisms can be used to collect the
>> listed corresponding information from the overlay.
>
>At the time of writing the p2psip-diagnostics work was still
>very early, but I agree that now it would be worth referenced here.

I agree.

BR
Haibin

>--
>Ciao,
>Enrico