Re: [ppsp] ***SPAM*** 8.158 (5) 答复: ***SPAM*** 8.258 (5) 答复: 答复: tracker protocol review
Rui Cruz <rui.cruz@ieee.org> Mon, 05 November 2012 17:49 UTC
Return-Path: <rui.cruz@ieee-pt.org>
X-Original-To: ppsp@ietfa.amsl.com
Delivered-To: ppsp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8AF21F8489 for <ppsp@ietfa.amsl.com>; Mon, 5 Nov 2012 09:49:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.398
X-Spam-Level:
X-Spam-Status: No, score=-99.398 tagged_above=-999 required=5 tests=[AWL=0.698, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_43=0.6, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_ENC_UTF8=0.152, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6h8QLBI8lgLU for <ppsp@ietfa.amsl.com>; Mon, 5 Nov 2012 09:49:12 -0800 (PST)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id A50DD21F84B7 for <ppsp@ietf.org>; Mon, 5 Nov 2012 09:49:11 -0800 (PST)
Received: by mail-bk0-f44.google.com with SMTP id jc3so2199036bkc.31 for <ppsp@ietf.org>; Mon, 05 Nov 2012 09:49:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=JvVGy83WEAmEFUQsuivY65hqWwa3xA5oJ0vPYUOxeAA=; b=IhNmU3EmItsSKUa+dtFArdDBy6Y4rtRXdl0Gv7hrX9/D4zVOZ4b5ufoDxQGOX9RhAc 6QUjRNqXPMZ6+9+vNKMzcseu4AxDHTuf9RqoXXR6EIbwFRZL9e1A7zCLub32mIhcNZwj if7Flh7ZvOJU+UtjqUthAeOyLKhLtBT+aCl+SJ+GZvqKdyxWvhN+JP5p8bKu5GZMmFtN 7nFevTZ+Uh0BDX/8QkO04aaDKngQkDOilVqkBBeYkuRfX9MPc8LyzrWRkASGPVZxtReT W797D9IQXYUz8CMrUNLlh+N3kq9srTAcc+DaSknELMVFDGPDq6v2J9jYsYgBT8coXlcm v9cw==
Received: by 10.204.152.25 with SMTP id e25mr2573976bkw.70.1352137750447; Mon, 05 Nov 2012 09:49:10 -0800 (PST)
Received: from [192.168.0.100] (62.169.111.241.rev.optimus.pt. [62.169.111.241]) by mx.google.com with ESMTPS id g8sm10479783bkv.6.2012.11.05.09.49.02 (version=SSLv3 cipher=OTHER); Mon, 05 Nov 2012 09:49:09 -0800 (PST)
Sender: Rui Cruz <rui.cruz@ieee-pt.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E61F20BF-625B-4382-A81F-DF892D622168"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Rui Cruz <rui.cruz@ieee.org>
In-Reply-To: <006a01cdbb7c$be5b84a0$3b128de0$@com>
Date: Mon, 05 Nov 2012 17:48:58 +0000
Message-Id: <E56A1616-7EB0-43FC-9056-78D0822A9573@ieee.org>
References: <2012110511283736034341@chinamobile.com>, <002001cdbb0b$9e8ff000$dbafd000$@com> <201211051340060015086@chinamobile.com> <004f01cdbb51$a8afc8d0$fa0f5a70$@com> <0D8207BB-EA12-4ECC-84A8-FDE9611AF6D4@ieee.org> <006a01cdbb7c$be5b84a0$3b128de0$@com>
To: 邓灵莉/Lingli Deng <denglingli@chinamobile.com>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQnlol7dhdBC66jz9IW3gE+Ni9M1QNMyJFRCjI869myI3C+BjO9AE8KoouLeVcB1VNQmplHs
Cc: Rui Cruz <rui.cruz@ieee.org>, 'ppsp' <ppsp@ietf.org>
Subject: Re: [ppsp] ***SPAM*** 8.158 (5) 答复: ***SPAM*** 8.258 (5) 答复: 答复: tracker protocol review
X-BeenThere: ppsp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: discussing to draw up peer to peer streaming protocol <ppsp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppsp>, <mailto:ppsp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ppsp>
List-Post: <mailto:ppsp@ietf.org>
List-Help: <mailto:ppsp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppsp>, <mailto:ppsp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2012 17:49:13 -0000
Hi Lingli, In fact, that was the basic idea, having the hashprints of content at the MPD, not requiring involvement of the tracker protocol. A few words in security sections, as well as in sections 1.2.3 "Content Information Metadata" and 1.2.4 "Authentication, Confidentiality, Integrity", would make this clearer. Regards, Rui Cruz rui.cruz@ieee.org IST/INESC-ID/INOV - Lisbon, Portugal __________________________________________ ppsp mailing list ppsp@ietf.org https://www.ietf.org/mailman/listinfo/ppsp On 05/11/2012, at 17:41, 邓灵莉/Lingli Deng <denglingli@chinamobile.com> wrote: > Hi Rui, > > MPD seems fine to me. Shall we add a few words in the security section to clarify that the integrity problem can be solved by including the hashprints of the content (be it chunk-level or content-level) into content information metadata. For instance, as in MPD format. However, this can also be done through maybe a web portal without tracker’s involvement. > > What do you think? > > BR > Lingli > > 发件人: Rui Cruz [mailto:rui.cruz@ieee-pt.org] 代表 Rui Cruz > 发送时间: 2012年11月5日 8:24 > 收件人: 邓灵莉/Lingli Deng > 抄送: Rui Cruz; 'zhangyunfei'; 'Yingjie Gu(yingjie)'; 'ppsp' > > > 主题: Re: [ppsp] ***SPAM*** 8.258 (5) 答复: 答复: tracker protocol review > > Hi Yunfei and Lingli, > > In section 1.2.3 "Content Information Metadata" and 1.2.4 "Authentication, Confidentiality, Integrity", although informative in nature, the aspect on content integrity is somewhat raised, but not described. However, stating in the draft that "content information metadata used in PPSP may align with MPD formats, such as ISO/IEC 23009-1" means that content protection and integrity verification schemes can be distributed by including root fingerprints for each each video and audio groups described in the MPD of the content. > > In Appendix B. Media Presentation Description (MPD) of draft-gu-ppsp-tracker-protocol-07, that situation was fairly described with examples, but that section was not transferred to the Base-Protocol draft, as suggested during discussions. > > In my opinion, I hardly see the distribution of the fingerprints as a role of the tracker protocol as these schemes are related to the content, but I would strongly support not just channel-oriented security in the communication between peers and tracker but also authentication and authorization mechanisms for the peers. > > Regards, > > Rui Cruz > rui.cruz@ieee.org > > IST/INESC-ID/INOV - Lisbon, Portugal > __________________________________________ > ppsp mailing list > ppsp@ietf.org > https://www.ietf.org/mailman/listinfo/ppsp > > On 05/11/2012, at 12:32, 邓灵莉/Lingli Deng <denglingli@chinamobile.com> wrote: > > > All right. I will discuss it with Yingjie and Rui today. See what to do about it. > Lingli > 发件人: zhangyunfei [mailto:zhangyunfei@chinamobile.com] > 发送时间: 2012年11月5日 0:40 > 收件人: '邓灵莉'; Yingjie Gu(yingjie); 'Rui Cruz' > 抄送: ppsp > 主题: 回复: 答复: [ppsp] tracker protocol review > > Yes, Lingli. I mean it would be good to write explicitly to say how to handle this in tracker protocol. > > BR > Yunfei > zhangyunfei > > 发件人: 邓灵莉/Lingli Deng > 发送时间: 2012-11-05 12:11 > 收件人: 'zhangyunfei'; 'Yingjie Gu\(yingjie\)'; 'Rui Cruz' > 抄送: 'ppsp' > 主题: 答复: [ppsp] tracker protocol review > Yunfei, > As for your comment asking for clarification for content integrity’s relation to tracker protocol, I would like to explain that as pointed out at the end of Section 9.2, content pollution > can be detected by incorporating integrity verification schemes for published shared contents. As content chunks are transferred independently and concurrently, a correspondent chunk-level integrity verification MUST be used, checked with signed fingerprints received from authentic origin. > In other words, these fingerprints MUST be signed by the authentic origin of the content, and MUST be distributed in a trustworthy manner against manipulation and forgery. > It would be reasonable to expect such distribution be handled by the tracker protocol in a security-enhanced sense. > BR > Lingli > 发件人: ppsp-bounces@ietf.org [mailto:ppsp-bounces@ietf.org] 代表 zhangyunfei > 发送时间: 2012年11月4日 22:29 > 收件人: Yingjie Gu(yingjie); 'Rui Cruz' > 抄送: ppsp > 主题: [ppsp] tracker protocol review > > Hi Rui and Yingjie (Speaking individually) , > I have read the updated tracker protocol draft and have the following comments: > 1) Encoding issue: It's good to mention that PPSP-TP is intended to support binary encoding in section 4. However in section 5, 7 and 8, http+XML is still in the main page. Is this just for example? Or a general semantics desperation is enough? I think much of section 7.1 in current version can be placed in Appendix A. Are you intending to use EXI for the binary encoding and do you still need http for the underlying transport? > 2) Check the section 10 for the XML descriptions. Do we need the update of this part? > 3)Security part, section 9.2, how does the content integrity check related to the tracker protocol should be better explained. > > BR > Yunfei > > zhangyunfei > _______________________________________________ > ppsp mailing list > ppsp@ietf.org > https://www.ietf.org/mailman/listinfo/ppsp > > _______________________________________________ > ppsp mailing list > ppsp@ietf.org > https://www.ietf.org/mailman/listinfo/ppsp
- [ppsp] tracker protocol review zhangyunfei
- [ppsp] 回复: 答复: tracker protocol review zhangyunfei
- Re: [ppsp] tracker protocol review Rui Cruz
- Re: [ppsp] ***SPAM*** 8.258 (5) 答复: 答复: tracker p… Rui Cruz
- Re: [ppsp] ***SPAM*** 8.158 (5) 答复: ***SPAM*** 8.… Rui Cruz
- [ppsp] 回复: 答复: ***SPAM*** 8.258 (5) 答复: 答复: track… zhangyunfei