Re: [P2PSIP] 答复: An overlay resource leak scenario
Marc Petit-Huguenin <petithug@acm.org> Fri, 05 July 2013 17:46 UTC
Return-Path: <petithug@acm.org>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99F3921F9C75 for <p2psip@ietfa.amsl.com>; Fri, 5 Jul 2013 10:46:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.374
X-Spam-Level:
X-Spam-Status: No, score=-2.374 tagged_above=-999 required=5 tests=[AWL=-0.226, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UGKicieonTWc for <p2psip@ietfa.amsl.com>; Fri, 5 Jul 2013 10:46:46 -0700 (PDT)
Received: from implementers.org (implementers.org [IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with ESMTP id 9BF8521F994C for <p2psip@ietf.org>; Fri, 5 Jul 2013 10:46:46 -0700 (PDT)
Received: from [IPv6:2601:9:4b80:4a:68a3:ec9a:408:988c] (unknown [IPv6:2601:9:4b80:4a:68a3:ec9a:408:988c]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id D4CC8204D3; Fri, 5 Jul 2013 19:46:44 +0200 (CEST)
Message-ID: <51D70682.9030902@acm.org>
Date: Fri, 05 Jul 2013 10:46:42 -0700
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130630 Icedove/17.0.7
MIME-Version: 1.0
To: 邓灵莉/Lingli Deng <denglingli@chinamobile.com>
References: <20130704105617.59ca11a9ba9389561a029f06442e67fa.27bdf1c864.mailapi@email03.secureserver.net> <022901ce7909$ee903da0$cbb0b8e0$@com>
In-Reply-To: <022901ce7909$ee903da0$cbb0b8e0$@com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Cc: p2psip@ietf.org
Subject: Re: [P2PSIP] 答复: An overlay resource leak scenario
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jul 2013 17:46:47 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/04/2013 03:57 PM, 邓灵莉/Lingli Deng wrote: > Hi Michael, > > > > I don’t quite follow the case you described. > > > > Shouldn’t a well-behaved rejoining peer be using the still valid > certificate in the first place? > > Otherwise, it is easy to exploit this to launch a DoS attack against ES, > which must be protected. Yes, and a well written enrollment server would certainly rate limit the number of certificates granted per user. Another solution that was proposed during the meeting in Vancouver by EKR is that the enrollment server generates a Node-ID using a hash (e.g. on the user name) so the same Node-IDs are always allocated to the same user, which solves the problem of certificate renewal and also helps RELOAD clients that cannot persistently store their certificate. > > > > BR > > Lingli > > > > *发件人:*p2psip-bounces@ietf.org [mailto:p2psip-bounces@ietf.org] *代表 > *Michael Chen *发送时间:*2013年7月5日1:56 *收件人:*p2psip@ietf.org *主题:*[P2PSIP] An > overlay resource leak scenario > > > > Hi, > > > > Background > > ========== > > In a SIP usage of RELOAD, a peer can store its AoR and certificate in a > single RELOAD Store Request with a SIP Registration kind and a Certificate > By User kind. The data model for the SIP Registration is dictionary with > its Node-ID as key, and Certificate By User is array. > > > > P2PSIP Draft > > =========== > > In pspsip-base-26, section 11.3, bullet #5 says: > > o One or more Node-IDs ... > > ... The enrollment server > > *SHOULD* maintain a mapping of users to Node-IDs and if the same > > user returns (e.g., to have their certificate re-issued) return > > the same Node-IDs, thus avoiding the need for implementations to re-store > all their data when their certificates expire. > > > > Implementation > > ============= > > The enrollment server always returns a new Node-ID or keeps the above > mapping for a short period compared to the expiration time of the > certificate. > > > > Usage Scenario > > ============= > > A device goes in and out of the range of WiFi as it moves or sleeps then > awakes. Each time it loses the WiFi, RELOAD does not get the chance to > properly Leave the overlay. Each time it gets the WiFi back, it rejoins the > overlay and receives a new Node-ID and thus a new certificate. > > > > Resource Leak > > ============= > > Due to the data model (dictionary key off Node-ID) and array (Store by > appending), the overlay holds on to more and more useless SIP Registration > and Certificate By User at the Resource-ID (hash of the device's AoR). > > > > Possible Remedy 1 > > ================ > > (p2psip-base) The enrollment server MUST maintain the same AoR to Node-ID > mapping as long as the corresponding certificate is still valid. Con: > expensive enrollment server storage. > > > > Possible Remedy 2 > > ================ > > (p2psip-sip and p2psip-base?) The joining peer MUST fetch and remove > existing SIP Registration and Certificate By User at the Resource-ID before > storing its current one. Con: peer-join complexity. > > > > Do I have a case? > > > > Thanks > > > > --Michael > > > > _______________________________________________ P2PSIP mailing list > P2PSIP@ietf.org https://www.ietf.org/mailman/listinfo/p2psip > - -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: http://blog.marc.petit-huguenin.org Profile: http://www.linkedin.com/in/petithug -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJR1wZ1AAoJECnERZXWan7EgokQALFLjNJPZUkGeqvZ+X+VeoS2 jjDtASWCsHPTc0Z8qDQBAHSLETvgQmVx/lmMBOmiIEiGOrAttvJ8jVnEpC+a+6tc /gRdZ15oY08Exgdqw6E+9CJOgRGaQpyHqGAbfXhB1z/1jtBWdeF/k25JOr3lCv99 Z8vkG85PPDtF86W32QawcG0CB/foFTD7otfhsj54jlYY+oXrHFyN/L9SITx8/XRW m3nxE20q6jI3KmxM95NflXOgbObFrbQOnX/+0hbmwES0NNmZi3Q8KLiCUVezXk3D yqNd9K5cpgTNHXLFYjQZjuvPeIMK0NG6fyDS+CwaMNiTJ+Wxn8crppASUWGFP3Oh p8qPMI0+8nLwWcmazoC4+3MeVCl8/Gfn87VGFmhGLs+5F8UQmNeZWB59BPD5Ny9m wnh90TAuNTHy4CorDbN1xo1be0LL1Yw2tKTa2M/luFEUeZvpPMFCGCPdc1nzIEOL KJRDTX6hKn+wamEibwQnJTkJKvs5LnYZhQq6M/aXYzik32o/H70X/TdaA5BlHQVk 9bO7VDTD7K8S67dskFBUDO/oKjsfjUKAbrmSAlux2GuunYQE2KI38b4wmZSpb8/5 +LIOmPnQNN9Zt3+gaUDXB4vNVOapyEbNkGN8yYBU+kClJUZCI7PyF9pVC3JcnLY2 vkPWQMqSH9B60mrIOZie =aEB6 -----END PGP SIGNATURE-----
- Re: [P2PSIP] An overlay resource leak scenario Michael Chen
- [P2PSIP] An overlay resource leak scenario Michael Chen
- [P2PSIP] 答复: An overlay resource leak scenario 邓灵莉/Lingli Deng
- Re: [P2PSIP] 答复: An overlay resource leak scenario Marc Petit-Huguenin
- [P2PSIP] 答复: 答复: An overlay resource leak scenario 邓灵莉/Lingli Deng
- [P2PSIP] 答复: An overlay resource leak scenario 邓灵莉/Lingli Deng