Re: [ppsp] Stephen Farrell's Discuss on draft-ietf-ppsp-base-tracker-protocol-10: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 10 January 2016 22:13 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ppsp@ietfa.amsl.com
Delivered-To: ppsp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F58C1A040C; Sun, 10 Jan 2016 14:13:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.602
X-Spam-Level:
X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQpSFuJ8oAZi; Sun, 10 Jan 2016 14:13:05 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29D6F1A0430; Sun, 10 Jan 2016 14:13:05 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C2CB5BE3E; Sun, 10 Jan 2016 22:13:03 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPrfIlVrsf-u; Sun, 10 Jan 2016 22:13:02 +0000 (GMT)
Received: from [10.87.48.91] (unknown [86.46.21.60]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 5BE53BE39; Sun, 10 Jan 2016 22:13:01 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1452463982; bh=mOw6cJWLtvLJIwLhEbz+rnSMJxGW8xVhmdY51lgtBXk=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=06VTxFmNMT4QgDQP9zTpBQaWL0+GMS9tOL85G3EsYk0jQta/SVfIMMt7hWrWvqA/l SVG5BuYFSabnSlXWj+0gAGQDk9TWQeAF+8gFZ+FJetF9vDND5ab90021qk5qJuY1ky fxElB3aX1QeQ4oYlS2yVEMZizgA0s9L4ftk51ZIg=
To: "Huangyihong (Rachel)" <rachel.huang@huawei.com>, The IESG <iesg@ietf.org>
References: <20151014192642.8481.70035.idtracker@ietfa.amsl.com> <51E6A56BD6A85142B9D172C87FC3ABBB864448AA@nkgeml501-mbs.china.huawei.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5692D76C.6010108@cs.tcd.ie>
Date: Sun, 10 Jan 2016 22:13:00 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <51E6A56BD6A85142B9D172C87FC3ABBB864448AA@nkgeml501-mbs.china.huawei.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ppsp/ZaUnd826dPtqwaWmCh1mNcaQXdk>
Cc: "ppsp-chairs@ietf.org" <ppsp-chairs@ietf.org>, "ppsp@ietf.org" <ppsp@ietf.org>, "draft-ietf-ppsp-base-tracker-protocol@ietf.org" <draft-ietf-ppsp-base-tracker-protocol@ietf.org>
Subject: Re: [ppsp] Stephen Farrell's Discuss on draft-ietf-ppsp-base-tracker-protocol-10: (with DISCUSS and COMMENT)
X-BeenThere: ppsp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: discussing to draw up peer to peer streaming protocol <ppsp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppsp>, <mailto:ppsp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppsp/>
List-Post: <mailto:ppsp@ietf.org>
List-Help: <mailto:ppsp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppsp>, <mailto:ppsp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2016 22:13:07 -0000

Hi,

Sorry for my extremely slow response, but given that you've
gotten the other discusses cleared and I've not found time to
delve into this more myself, I've cleared my discuss on the
basis of your explanation below.

Thanks,
S.


On 22/10/15 08:09, Huangyihong (Rachel) wrote:
> Hi Stephen,
> 
> Thank you for your comments and sorry for our late replies. Please see inline.
> 
> BR,
> Rachel
> 
>> -----Original Message-----
>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>> Sent: Thursday, October 15, 2015 3:27 AM
>> To: The IESG
>> Cc: ppsp-chairs@ietf.org; draft-ietf-ppsp-base-tracker-protocol@ietf.org;
>> Zongning; ppsp@ietf.org
>> Subject: Stephen Farrell's Discuss on draft-ietf-ppsp-base-tracker-protocol-10:
>> (with DISCUSS and COMMENT)
>>
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-ppsp-base-tracker-protocol-10: Discuss
>>
>> When responding, please keep the subject line intact and reply to all email
>> addresses included in the To and CC lines. (Feel free to cut this introductory
>> paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-ppsp-base-tracker-protocol/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>>
>> 6.2 - can you explain to me how the overall protection against pollution works?
>> I'm not quite following it and am concerned that it may be lacking. But that may
>> just be me forgetting how this ties together with rfc7574.
> 
> [Rachel]: Tracker protocol is used to exchange information like peer list, peer status between peers and trackers. Content pollution is usually caused by content changing between peers. Because trackers don't exchange content information with peers, they don't have ways to detect if a peer is polluting the content or not. The integrity verification schemes mentioned in Section 6.2 are considered in peer protocol, which can reference section 6.1 of RFC7574. So how about changing the Section 6.2 to the following:
> "
> Malicious peers may declaim ownership of popular content to the tracker and try to serve polluted (i.e., decoy content or even virus/trojan infected contents) to other peers. For trackers, they don't exchange content information among peers, hence they are difficult to detect if a peer is polluting the content or not. Usually, this kind of pollution can be detected by PPSPP [RFC7574]. More details can be seen in Section 6.1 and Section 12 of [RFC7574].
> "
> 
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> - I-D nits notes a bunch of missing reference entries, e.g.
>> for RFC6972 as well as 6 others. Probably some xml2rfc issue.
> 
> [Rachel]: Will fix it in the new version.
>>
>> - intro: last para (just before 1.1) puzzles me. Not sure why it''s there.
> 
> [Rachel]: How about changing to 
> 
> OLD
> "
>    This document describes the base PPSP Tracker protocol and how it
>    satisfies the requirements for the IETF Peer-to-Peer Streaming
>    Protocol, in order to derive the implications for the standardization
>    of the PPSP streaming protocols and to identify open issues and
>    promote further discussion.
> "
> 
> NEW
> "
> This document introduces a base PPSP Tracker Protocol which satisfies the requirements from [RFC6972].
> "
>>
>> - intro: why is there no mention of Bit Torrent? This seems to be the same
>> design for the same purpose, and BT is in widespread use so not explaining the
>> relationship seems a bit odd. 5.1.2 seems to be plain silly in that light, while BT
>> is not a "standard" that is irrelevant - it has been widely deploy and migration
>> from BT to this, or co-existence, would seem critical to the success of this
>> effort.
> 
> [Rachel]: Actually, at the drafting of PPSP-TP, there's another draft [draft-ietf-ppsp-survey] which has described most of the popular and deployed p2p applications. Currently, [draft-ietf-ppsp-survey] is dead, so maybe we should include some BT descriptions in our draft?
> 
>>
>> - RFC2616 is obsoleted.
> 
> [Rachel]: Will update.
> 
>>
>> - 6.1: I agree with Katheen's discuss, a MUST use TLS is needed here really and
>> just reflects reality and is not an additioanl consideration. It is needed for
>> clarity though.
> 
> [Rachel]: Ok.
> 
>>
>> - 6.2: Given the history of spoofing in BT I wondered why there is no object level
>> origin auth defined here.
> 
> [Rachel]: How about adding a paragraph in Section 6.2 as following:
> 
> NEW
> "
> Some attackers that disrupt P2P streaming on behalf of content providers may provide false or modified content or peer list information to achieve certain malicious goals. Peers connecting to those portals or trackers provided by the attackers may be redirected to some corrupted malicious content. However, there is no standard ways to for peers to avoid this kind of situations completely. Peers can have mechanisms to detect undesirable content or results themselves. For example, if a peer finds the portal returns some undesired content information or the tracker returns some malicious peer lists, the peer may want to quit the swarm, or switch to other P2P streaming services provided by other content providers.
> "
> 
>>
>> - I also agree with Ben's discuss.
>>
>