[ppsp] Fwd: New Version Notification for draft-ietf-ppsp-peer-protocol-07.txt
Riccardo Petrocco <r.petrocco@gmail.com> Mon, 15 July 2013 17:21 UTC
Return-Path: <r.petrocco@gmail.com>
X-Original-To: ppsp@ietfa.amsl.com
Delivered-To: ppsp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB7E611E8138 for <ppsp@ietfa.amsl.com>; Mon, 15 Jul 2013 10:21:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, J_CHICKENPOX_32=0.6, MANGLED_LIST=2.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2gsa7itvFvoR for <ppsp@ietfa.amsl.com>; Mon, 15 Jul 2013 10:20:57 -0700 (PDT)
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com [IPv6:2a00:1450:400c:c00::230]) by ietfa.amsl.com (Postfix) with ESMTP id CC53011E80AD for <ppsp@ietf.org>; Mon, 15 Jul 2013 10:20:55 -0700 (PDT)
Received: by mail-wg0-f48.google.com with SMTP id f11so10260115wgh.3 for <ppsp@ietf.org>; Mon, 15 Jul 2013 10:20:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=EUo4OJp3dt/G2u+TmLZxMCyO//Nufze2+YnnSLvLjGQ=; b=JjXKL6bg3j4JPwLaDnv/g95nLTkmHcWEN+NaIVURpSbeeCg7jSRsx4MkxCM4o9aH9N +wg5AZsbgRUfyl66ZGT3EOzWdcT/ObYF3h8q8cbU5wU8wCTzK1egkQls0iTJnmZ1SVwX l36qgY3lQhOf1Ddg6jDQPnivDTFhh9vhQrHdRXgSOuM7na1hHAOgQoPHq1CDaXF4++Dw 0tgO8FGC/vDpdeUFE3LJ0wHa31z1MXQxli2jBUe3RaQjVweeQXoIbR5SIr+jpGpmT20F rzBPyxF+1t/t28hYN/IQ6CogUSdOMrR1H2yCGbg8ciG5EMOvwRWnf6TQ+eD1ME2q8QuU wdNw==
MIME-Version: 1.0
X-Received: by 10.180.20.116 with SMTP id m20mr9536815wie.46.1373908854891; Mon, 15 Jul 2013 10:20:54 -0700 (PDT)
Received: by 10.194.236.38 with HTTP; Mon, 15 Jul 2013 10:20:54 -0700 (PDT)
In-Reply-To: <20130715165826.16712.69876.idtracker@ietfa.amsl.com>
References: <20130715165826.16712.69876.idtracker@ietfa.amsl.com>
Date: Mon, 15 Jul 2013 19:20:54 +0200
Message-ID: <CAN6E5EdTosRC2Ntpm5itmMKKP4VOdWgYbmbg5GBbg7UBsu937w@mail.gmail.com>
From: Riccardo Petrocco <r.petrocco@gmail.com>
To: ppsp <ppsp@ietf.org>
Content-Type: multipart/alternative; boundary="bcaec53f2e313fed1404e190158b"
Subject: [ppsp] Fwd: New Version Notification for draft-ietf-ppsp-peer-protocol-07.txt
X-BeenThere: ppsp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: discussing to draw up peer to peer streaming protocol <ppsp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppsp>, <mailto:ppsp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ppsp>
List-Post: <mailto:ppsp@ietf.org>
List-Help: <mailto:ppsp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppsp>, <mailto:ppsp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2013 17:21:00 -0000
Hi all, I just uploaded an updated version of the peer protocol draft. We mostly focused on the issues presented in the recent AD review. Unfortunately due to the lack of time, and the extensive review, some points still need to be addressed. See you in Berlin, ciao, Riccardo ========================= -07 2013-06-19 Revision following AD Review Quoting the AD review by Martin Stiemerling: ***High-level issues: 1) Merkle Hash Trees I have found the document very confusing on whether Merkle Hash Trees (MHTs) and the for the MHT required bin numbering scheme are now optional or mandatory. Parts of the draft make the impression that either of them or both or optional (mainly in the beginning of the document), while Section 5 and later Sections are relying heavily on MHTs. My naive reading of the current draft is that you could rely on start-end ranges for chunk addressing and MHTs for content protection. However, I do know that this combination is not working. If MHTs are really optional, including the bin numbering, the document should really state this and make clear what the operations of the protocol are with the mandatory to implement (MTI) mechanisms. The MHT, bins, and all the protocol handling should go in an appendix. There is a call to make for the WG: I do know that MHTs were considered by some as burden and they have called for a leaner way, i.e., the start-end ranges. The call for the leaner way has been implemented in the document but not fully. + The text now states that MHTs SHOULD be used unless in benign environments and are mandatory-to-implement. It also states that only start-end chunk range is mandatory- to-implement, and bins are optional. 2) LEDBAT as congestion control vs. PPSPP The PPSP peer protocol is intended for the Standards Track and relies in a normative manner on LEDBAT (RFC 6817). LEDBAT as such is an **experimental** delay-based congestion control algorithm. A Standards Track protocol cannot normatively rely on an Experimental congestion control mechanism (or RFC in general). There are ways out of this situation: i) Do not use ledbat: this would call for another congestion control mechanism to be described in the PPSPP draft. ii) Work on an 'upgrade' of the LEDBAT specification to Standards Track: Possible, but a very long way. iii) Agree on having PPSPP also as Experimental protocol. I'm currently leaning towards option iii), but this is my pure personal opinion as an individual in the IETF. + A new paragraph has been added to Section 8.16 describing the feasibility of LEDBAT in P2P systems. 3) No formal protocol message definition Section 7 and more specific Section 8 describe the protocol syntax of the protocol options and the messages, though Section 8 is talking about UDP encapsulation. Section 7 is hard to digest if someone should implement the options, see also later, but Section 8 is almost impossible to understand by somebody who has not been involved in the PPSP working group. See also further down for a more detailed review of the sections. To give an example out of Section 8.4: This section describes the HANDSHAKE message and gives examples how such a HANDSHAKE message could look like. But no formal definition of the message is given leaving a number of thins unclear, such as what the local channel number and what's the remote channel number is. This is implicitly defined, but that is not a good way of writing Standards Track drafts. 4) Implicit use of default values There are a number of places all over the draft where default values are defined. Many of those default values are used when there are no values explicitly signaled, e.g., the default chunk size of 1 Kbyte in Section 8.4 or Section Section 7.5. with the default for the Content Integrity Protection Method. I have the feeling that the protocol and the surroundings (e.g., what comes in via the 'tracker') are over-optimized, e.g., always providing the Content Integrity Protection Method as part of the Protocol options will not waste more than 2 bytes in a HANDSHAKE message. Further, I do not see the need to define a default chunk size in the base protocol specification, as this default can look very different, depending on who is deploying the protocol and in what context. This calls for a more dynamic way of handling the system chunk size, either as part of an external mechanisms (e.g. via the tracker) or in the HANDSHAKE message. + Removed implicit defaults from protocol options. Chunk size is part of the content's metadata and thus configurable. The default 1KiB has been turned into a recommendation. 5) Concept of channels The concept of channels is good but it is introduced too late in the draft, namely in Section 8.3, and it is introduced with very few words. Why isn't this introduced as part of Section 2 or Section 3, also in the relationship to the used transport protocol? I.e., the intention is to keep only one transport 'connection' between two distinct peers and to allow to run multiple swarm instances at the same time over the same transport. And how do swarms and channels correlate? + Concept now introduced in Section 3 with a figure. ***Technicals: - Section 2.1, 2nd paragraph, about the tracker: I haven't seen a single place where the interaction with a tracker is discussed or where the tracker less operation is discussed in contrast. It is further unclear what type of information is really required from a tracker. A tracker (or a resource directory) would need to provide more then IP address & port, e.g., the used transport protocol for the protocol exchange (given that other transports are allowed), used chunk size, chunk addressing scheme, etc - Section 2.3, the 1st paragraph, 'close-channel': This has been the first time where I stumbled over the channel without knowing the concept. + Rephrased. - Section 3.1: ordering of messages The 1st sentence implies that ordering of messages in a datagram matters a lot. This is outlined later in the document, but I would add this as part of 3., i.e., the messages are processed in the strict order or something along this line. - Section 3.1, 1st paragraph, options to include I would not say anything about 'SHOULD include options' here, as this is anyhow described in Section 8. + Phrase removed. - Section 3.1, 2nd paragraph: "Datagrams exchanged MAY also contain some minor payload, e.g. HAVE messages to indicate the current progress of a peer or a REQUEST (see Section 3.7)." to be added, just to make it clear IMHO: ", but MUST NOT include any DATA message". + Added. - Section 3.2, 2nd paragraph: "In particular, whenever a receiving peer has successfully checked the integrity of a chunk or interval of chunks it MUST send a HAVE message to all peers it wants to interact with in the near future." This looks like a place where a lot of traffic can be send out of a peer, i.e., whenever a chunk arrives a HAVE message must be sent. I don't believe that this should be mandated by the protocol specification, but there should guidance on when to send this, e.g., peers might be also able to wait for a short period of time to gather more chunks to be reported in HAVE. Or should in this case a single UDP datagram contain multiple HAVEs? + Clarified. - Section 3.4 on ACKs This section looks pretty weak, as ACKs may be sent but on the other hand MUST be sent if ledbat is used. I would simply say: - ACK MUST be sent if an unreliable transport protocol is used - ACK MAY be sent if a reliable transport protocol is used - keep clarification about ledbat. + DONE. - Section 3.5: Give text where INTEGERITY is described at least for the MTI scheme. + DONE. - Section 3.7, 2nd paragraph - all 'MAY' are actually not right here. Please remove or replace them with lower letters if appropriate. - It is not clear what the 'sequentially' means exactly. Is it in the received order? + First point TODO. "Sequentially" replaced with "received order". - Section 3.8: Please replace 'MAY' by can, as those are not normative behaviors but more the fact that peers can, for instance, request urgent data. + DONE. - Section 3.9 Same comment as for the Section 3.8 just above this comment. + DONE. - Section 3.9 waiting for responses OLD " When peer B receives a CHOKE message from A it MUST NOT send new REQUEST messages and SHOULD NOT expect answers to any outstanding ones." NEW " When peer B receives a CHOKE message from A it MUST NOT send new REQUEST messages and it cannot expect answers to any outstanding ones, as the transfer of chunks is choked." + DONE. - Section 3.10.2 This whole section about PEX hole punching reads very, very experimental. The STUN method is ok, but PEX isn't. First of all, the safe behavior for a peer when it receives unsolicited PEX messages, is to discard those messages. Second, this unsolicited PEX messages trigger some behavior which may open an attack vector. The best way, but this needs more discussion, is to include to some token in the messages that are exchanged in order to make avoid any blind attacks here. However, this will need more and detailed discussions of the purpose of this. + TODO: hole punching comment. + We moved parts of the security analysis of PEX up, such that all mechanisms are explained in the main text, and the analysis of what attacks there are and how these mechanisms prevent them is in the Sec. Considerations section. - Section 3.11 I don't see the 'MUST send keep-alive' as a mandatory requirement, as peers might have good reasons not to send any keep alive. Why not saying 'A peer can send a keep-alive' and it 'MUST use the simple datagram...' as already described. Though there is also no really need to say MUST. + Now Section 3.12. Rephrased and clarified the reason and consequences of sending keep-alive msgs. - Section 4 The syntax definition for each of the chunk addressing schemes is missing. This is not suitable for any specification that aims at interoperable implementations. - Section 4.3.2 PPSPP peers MUST use the ACK message if an unreliable transport protocol is used. + DONE. - Section 4.4 Has been tested in an implementation? I would like to understand the need for such a section, as in my understanding a peer implementation should chose one scheme and support this and there shouldn't be the need to convert between the different schemes. - Section 5 This reads that MHTs are mandatory to implement while the document makes the impression that MHTs are optional. + Rephrased, see High-level issues. - Section 5.3 " so each datagram SHOULD be processed separately and a loss of one datagram MUST NOT disrupt the flow" The MUST NOT is not a protocol specification requirement, but more an informative part saying that a lost message shouldn't impact the protocol machinery, but it can impact the overall operation. What is the flow here in that sentence? + Rephrased. - Section 5.6.2. An illustrative example explaining how the automatic size detection works is required here. + Added a paragraph with an example that follows the figure used during the explanation. A state diagram could also be added, but bight be a bit redundant. - Section 6.1, 4th paragraph: Where do I find the 1 byte algorithm field in the swarm ID? The swarm ID is not really defined in a single place. + Expanded. TODO: Formal spec of swarm ID. - Section 7.3 The described min/max versioning relies on the fact that there are major and minor version numbers. I cannot find any major and minor version number scheme in the draft. + Actually, it does not. - Section 7.4, Length field It is not clear what the 'Length' field is referring to. Further, it is not clear of the swam IDs are concatenated in one swarm ID option, of each swarm ID must be placed in a separate swam ID option. - Section 7.6 MHTs are mandatory to support though MHTs are optional? + Clarified. - Section 7.7 'key size ... derived from the swarm ID'. This relates to my high level comment no 4. on the use of implicit information. Either it is clearly specified how this information is derived or there is a protocol field/ information about the size. + Key size derivation procedure added to description of SIGNED_INTEGRITY in UDP encapsulation. - Section 7.8 I would recommend to say that the default MUST be supported, but the peer must always signal what method it is supporting or at least using. + Corrected, see High-level issues 4.) - Section 7.10 I have not understood how the 'Lenght' field relates to the message bitmap and how long the message bitmap can grow. The figure looks like a maximum of 16 bits? + Clarified. - Section 8 I do not see the value of the text in the preface of Section 8. I would say that this text should say what is mandatory and what's not, i.e., MUST use UDP and MUST use LEDBAT. Potentially saying that future protocol versions can also run over other transport protocols. + Adjusted. - Section 8.1 about Maximum Transfer Unit (MTU) The text is discussing that a Ethernet can carry 1500 bytes. This is true, but the Ethernet payload is not the normative MTU across all of the Internet. For IPv6 the min MTU is 1280 bytes and for IPv4 it is 576 bytes, though for IPv4 it can be theoretically much lower at 64 bytes. It would move the definition of the default chunk size to a recommendation with text saying that this size has a high likelihood to travel end-to-end in the Internet without any fragmentation. Fragmentation might increase the loss of complete chunks, as one lost fragment will cause the loss of a complete chunk. One way of getting an informed decision on whether chunks can travel in their size is to use the Don't Fragment (DF) bit in IPv4 and also to watch for ICMP error messages. However, ICMP error messages are not a reliable indication, but they can be some indication. + 1 KiB chunk size has been made a recommendation. - Section 8.1 Definition of the default chunk size There is no need to define a default chunk size, if the chunk size would be always signaled per swarm. This is another default/ implicit value places that is unnecessary. + The chunk size is always part of the content's metadata. - Section 8.3: see also my comment no 3. The concept of channels is introduced very late and with few words. A figure to explain the concept will help a lot and also more formal text on what a channel is and how they are identified. Also what the init channel is. + Concept now introduced in Section 3.11. TODO init channel. - Section 8 in general: There is no formal definition of the messages, just bit pattern examples. - Section 8.4 (as example for the other Sections in 8.x): i) What is the '(CHANNEL' paramter? Is it actually a parameter? ii) it is implicit that the first channel no (0000000) is the remote peer's channel and that the second channel no (00000011) is the local peer's channel, right? This isn't clear from the text, but my guess. - Section 8.5 Can HAVE messages multiple bin specs in one message or do I have to make a HAVE message for each bin? + Clarified. - Section 8.6 What is the formal defintion of a DATA message? That's completely missing or I have not understood it. - Section 8.7 looks just underspecified, especially as this is the link to LEDBAT. - Section 8.11 How are the chunks specified here? The formal syntax definition or reference to one is missing. - Section 8.13 I'm lost on this section, as I haven't fully understood the concept of the PEX in this document. Especially not why there is the PEX_REScert. + We moved parts of the security analysis of PEX up into 3.10, such that all mechanisms are explained in the main text, and the analysis of what attacks there are and how these mechanisms prevent them is in the Sec. Considerations section. - Section 11 The RFC required for protocol extensions of a standards track protocol looks odd. This must be at least IETF Review or Standards Action. ***Editorials: - Abstract (and probably also other places), 1st sentence of, PPSPP is not a transport protocol, just a protocol + DONE - Section 1.1, 4th paragraph: I would remove the reference to rmcat, as it is not yet clear what the outcome of the rmcat wg will be + DONE - Section 1.3, on page 8, about seeding/leeching: I would break it in to sub-bullets. + DONE - Section 2.1 and following: These are examples, isn'it? If so, this should be mentioned or clarified. + DONE. All subsections now labeled "Example:". - Section 2.1: What is the PPSP Url? - Section 2.3, the 1st paragraph, detection of dead peers: It would be good to say where this detection is described in the remainder of the draft. Just for completeness. + DONE. Dead peer detection is now a separate section and referenced here. - Section 2.2, the very last paragraph, 'Peer A MAY also': This 'MAY' is not useful here. I would just write 'Peer A can also', as there is nothing normative described here. + DONE - Section 3.2, last paragraph: What is the latter confinement? This is not clear to me. + Rephrased. - Section 3.9, last sentence I am not sure to what the reference to Section 3.7 is pointing in this respect. + Rephrased. - Section 3.10.1 about PEX messages The text says 'PPSPP optionally features...'. I have not understood if this optionally refers to mandatory to implement but optionally to use, or if the PEX messages are optionally to implement. + Made it clear that is OPTIONAL and not mandatory-to- implement. - Section 3.12 I'm not sure what this section is telling exactly. Isn't just saying that PPSPP as such does not care how chunks are stored locally, as this is implementation dependent? + Yes. Removed. - Section 4.2, page 15, 1st paragraph: OLD 'A PPSPP peer MAY support' NEW 'The support for this scheme is OPTIONAL' + DONE, for byte ranges as well. - Section 6.1.1 This section is not describing sign-all, but rather a justification why it may still work. This doesn't help at all. - Section 7, 1st paragraph Why is there a reference to RFC 2132? + Removed, just similarity in format. - Section 7 in general i) It is common to give bit positions in the figures where the syntax of options is described. This allows to count how many bits are used for a protocol field more easily and also way more reliable. ii) Please add also Figure labels to the syntax definitions of the options. This makes it easier to reference them later on if needed. - Section 8.1 1 kibibyte is 1 kbyte? + We follow ISO/IEC 80000-13 to avoid the kilo = 1000 or 1024 confusion. - Section 8.2, last paragraph i ) "All messages are idempotent" in what respect? ii) "or recognizable as duplicates" but how are the recognized as duplicates? + Idempotent means that processing a message twice does not lead to a different state than processing them once. Resent handshakes can be recognized as duplicates because a peer already recorded the first connection attempt in its state. Updated text. - Section 8.5, last sentence in brackets: What is this last sentence about? - Section 8.13 " If sender of the PEX_REQ message does not have a private or link-local address, then the PEX_RES* messages MUST NOT contain such addresses [RFC1918][RFC4291]." What is this text saying? Do not include what you do not have anyway? + Rephrased. It tries to say that internal addresses must not be leaked to external peers. - Section 8.14 There is no single place where all the constants are collected and also documented what the default values or the recommended values. For instance in this Section 8.14 where the dead peer time out is set to 3 minutes and also the number of datagrams that should have sent. I would make a section or subsection to discuss dead peers and how they are detected and just link to the keep-alive mechanism in Section 8.14. + A new section Section 12.1.1.1 "Summary of Default Values" was created for this in the Ops & Mgmt part. - Section 11 This section needs to be overhauled once the document is ready for the IESG. The section is not wrong but can be improved to help IANA. ---------- Forwarded message ---------- From: <internet-drafts@ietf.org> Date: 2013/7/15 Subject: New Version Notification for draft-ietf-ppsp-peer-protocol-07.txt To: Riccardo Petrocco <r.petrocco@gmail.com>, Arno Bakker <arno@cs.vu.nl>, Victor Grishchenko <victor.grishchenko@gmail.com> A new version of I-D, draft-ietf-ppsp-peer-protocol-07.txt has been successfully submitted by Arno Bakker and posted to the IETF repository. Filename: draft-ietf-ppsp-peer-protocol Revision: 07 Title: Peer-to-Peer Streaming Peer Protocol (PPSPP) Creation date: 2013-07-15 Group: ppsp Number of pages: 84 URL: http://www.ietf.org/internet-drafts/draft-ietf-ppsp-peer-protocol-07.txt Status: http://datatracker.ietf.org/doc/draft-ietf-ppsp-peer-protocol Htmlized: http://tools.ietf.org/html/draft-ietf-ppsp-peer-protocol-07 Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-ppsp-peer-protocol-07 Abstract: The Peer-to-Peer Streaming Peer Protocol (PPSPP) is a protocol for disseminating the same content to a group of interested parties in a streaming fashion. PPSPP supports streaming of both pre-recorded (on-demand) and live audio/video content. It is based on the peer- to-peer paradigm, where clients consuming the content are put on equal footing with the servers initially providing the content, to create a system where everyone can potentially provide upload bandwidth. It has been designed to provide short time-till-playback for the end user, and to prevent disruption of the streams by malicious peers. PPSPP has also been designed to be flexible and extensible. It can use different mechanisms to optimize peer uploading, prevent freeriding, and work with different peer discovery schemes (centralized trackers or Distributed Hash Tables). It supports multiple methods for content integrity protection and chunk addressing. Designed as a generic protocol that can run on top of various transport protocols, it currently runs on top of UDP using LEDBAT for congestion control. The IETF Secretariat
- [ppsp] Fwd: New Version Notification for draft-ie… Riccardo Petrocco
- [ppsp] 答复: Fwd: New Version Notification for draf… 邓灵莉/Lingli Deng
- Re: [ppsp] 答复: Fwd: New Version Notification for … Riccardo Petrocco