[ppsp] [Errata Verified] RFC7574 (4725)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 21 August 2017 13:57 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: ppsp@ietfa.amsl.com
Delivered-To: ppsp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B01E2132A37; Mon, 21 Aug 2017 06:57:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fxdeP950FKDv; Mon, 21 Aug 2017 06:57:19 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDB2813247A; Mon, 21 Aug 2017 06:57:19 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 5452FB81120; Mon, 21 Aug 2017 06:56:53 -0700 (PDT)
To: shkim@etri.re.kr, arno@cs.vu.nl, r.petrocco@gmail.com, victor.grishchenko@gmail.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: spencerdawkins.ietf@gmail.com, iesg@ietf.org, ppsp@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20170821135653.5452FB81120@rfc-editor.org>
Date: Mon, 21 Aug 2017 06:56:53 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppsp/l8us_ll5jCy11M0rjGUmGgnciQo>
Subject: [ppsp] [Errata Verified] RFC7574 (4725)
X-BeenThere: ppsp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: discussing to draw up peer to peer streaming protocol <ppsp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppsp>, <mailto:ppsp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppsp/>
List-Post: <mailto:ppsp@ietf.org>
List-Help: <mailto:ppsp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppsp>, <mailto:ppsp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Aug 2017 13:57:22 -0000

The following errata report has been verified for RFC7574,
"Peer-to-Peer Streaming Peer Protocol (PPSPP)". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid4725

--------------------------------------
Status: Verified
Type: Technical

Reported by: Sung Hei Kim, Chang Kyu Lee <shkim@etri.re.kr>;
Date Reported: 2016-07-01
Verified by: Spencer Dawkins (IESG)

Section: 5

Original Text
-------------
PPSPP can use different methods for protecting the integrity of the
content while it is being distributed via the peer-to-peer network.
More specifically, PPSPP can use different methods for receiving
peers to detect whether a requested chunk has been maliciously
modified by the sending peer. In benign environments, content
integrity protection can be disabled.

For static content, PPSPP currently defines one method for protecting
integrity, called the Merkle Hash Tree scheme. If PPSPP operates
over the Internet, this scheme MUST be used. If PPSPP operates in a
benign environment, this scheme MAY be used. So the scheme is
mandatory to implement, to satisfy the requirement of strong security
for an IETF protocol [RFC3365]. An extended version of the scheme is
used to efficiently protect dynamically generated content (live
streams), as explained below and in Section 6.1.

Corrected Text
--------------
PPSPP can use different methods for protecting the integrity of the
content while it is being distributed via the peer-to-peer network.
More specifically, PPSPP can use different methods for receiving
peers to detect whether a requested chunk has been maliciously
modified by the sending peer.

For static content, PPSPP currently defines one method for protecting
integrity, called the Merkle Hash Tree scheme.
The scheme is mandatory to implement, to satisfy the requirement of 
strong security for an IETF protocol [RFC3365]. An extended version
of the scheme is used to efficiently protect dynamically generated
content (live streams), as explained below and in Section 6.1.

Notes
-----
RFC 7574 (PPSP-PP) defines how the peers exchange chunks regarding content integrity protection scheme. It describes the relationship of the DATA and INTEGRITY messages.
But, it does not describes how peers exchange chunks when the content integrity protection scheme is disabled.
Thus, to the readers, it seems that content integrity protection scheme is very important part of PPSP-PP and must be used in order to implement PPSP-PP.
I think the RFC 7574 (PPSP-PP) should be changed to clearly express that the content integrity protection scheme must be used in PPSP-PP.
The proposed changes is to remove options regarding the use of content integrity protection.

Spencer: confirmed in conversations with Victor Grishchenko <victor.grishchenko@gmail.com>; on the PPSP mailing list.

--------------------------------------
RFC7574 (draft-ietf-ppsp-peer-protocol-12)
--------------------------------------
Title               : Peer-to-Peer Streaming Peer Protocol (PPSPP)
Publication Date    : July 2015
Author(s)           : A. Bakker, R. Petrocco, V. Grishchenko
Category            : PROPOSED STANDARD
Source              : Peer to Peer Streaming Protocol
Area                : Transport
Stream              : IETF
Verifying Party     : IESG