Re: [secdir] secdir review of draft-ietf-p2psip-self-tuning-11

Tobias Gondrom <tobias.gondrom@gondrom.org> Sun, 08 June 2014 12:53 UTC

To: jouni.maenpaa@ericsson.com, draft-ietf-p2psip-self-tuning.all@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/F5jYZYcv84jE-6CWcH-ipCKDYuc
Cc: iesg@ietf.org, secdir@ietf.org

Hi Jouni,

thanks a lot for the explanation.
That answers my question.

Best wishes, Tobias


On 08/06/14 10:37, Jouni Mäenpää wrote:
> Hi,
>
> Thanks for the comments!
>
>> How did you determine the value of 75th percentile? Is this based on research
>> or experience or derived from some other estimates? 
> We implemented the mechanisms specified in draft-p2psip-self-tuning in our P2PSIP prototype and ran an extensive set of simulations and PlanetLab experiments to determine appropriate values for the parameters. We found that the 75th percentile was a slightly better choice than for instance using the median. This is because if the received estimates happen to vary greatly, it is safer to pick a value that is higher than the median to ensure that the stabilization rate that will be used will be sufficiently high. Using the 75th percentile also enables faster reaction to increasing churn rate.
>
>> Is this choice influenced by number of peers or churn in certain environments?
> The choice of using the 75th percentile is not influenced by the number of peers or the churn rate - we have found the 75th percentile to perform well regardless of the size of the overlay network and the churn rate.
>
> Regards,
> Jouni
>
> From: Tobias Gondrom [mailto:tobias.gondrom@gondrom.org] 
> Sent: 31 May 2014 15:46
> To: draft-ietf-p2psip-self-tuning.all@tools.ietf.org
> Cc: iesg@ietf.org; secdir@ietf.org
> Subject: secdir review of draft-ietf-p2psip-self-tuning-11
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
>
> The draft is standards track and describes how the default topology plugin of RELOAD can be extended to support self-tuning, that is, to adapt to changing operating conditions such as churn and network size. It extends the mandatory-to-implement chord-reload algorithm by making it self-tuning.
>
> The document appears ready for publication.
>
> With one note for the IESG: This security review did only consider this specification, but did not verify the scientific data and research that led to this algorithm.
>
> The Security Consideration Section 8 seems appropriate for the draft. It also refers to the security considerations of RFC6940 (RELOAD Base).  
>
> One personal question to the authors: 
> In section 8 and 6.5, you introduce the concept of "the statistical mechanisms applied in Section 6.5 (i.e., the use of 75th percentiles) to process the shared estimates a peer obtains help ensuring that estimates that are clearly different from..."
> How did you determine the value of 75th percentile? Is this based on research or experience or derived from some other estimates? Is this choice influenced by number of peers or churn in certain environments?
> Thank you and best regards. 
>
> Tobias 
>