Dear Yingjie,

> I think "Redistribution" should not be unlimited.

How do you want to limit redistribution in practice, i.e., how do you want to enforce such a limitation?

> Second, redistributed information must include accurate ALTO SERVER
> INFORMATION, e.g. network position or name, and what kind of information it
> is, so that client can judge the usage of the information.
> Last but not least, client must cognize his ALTO SERVER INFORMATION and
> share a unified information description language among all clients, at least
> those in one application swarm.

I agree, but in addition it is also very important that the redistributed ALTO information includes the input parameters which were the basis for generating the ALTO information.

> Instead of an overall trusted third party, a dedicated CA for a particular
> network position, neither too small nor too big, will work. Applications can
> make their clients cognize the dedicated CA as they notice clients about
> dedicated ALTO servers.

Yes, that can work, but especially if you consider mobility of clients it will not always work. Also, currently the WG is discussing ALTO discovery. That means that ALTO clients most probably will not have the location of ALTO servers "hardcoded" in their implementation. However, to bootstrap a CA hierarchy of trust, the public key of a Root-CA needs to be available to the client. I do not believe in PKI set-up by users nor certificate management by users (think of certificate error messages in today's web-browsers, which btw have a certificate of a Root-CA hardcoded in their implementation). All I am saying is that it works fine in theory but is not so easy in practice...

 - Jan

> -----Original Message-----
> From: Y.J. Gu [mailto:[email protected]]
> Sent: Thursday, 13 August 2009 05:56
> To: Jan Seedorf; 'alto'
> Subject: RE: [alto] [ALTO] Comments on [draft-stiemerling-alto-info-redist-00]
>
> Hi Jan,
> See in line pls.
>
> Regards
>
> Yingjie Gu
>
> > -----Original Message-----
> > From: Jan Seedorf [mailto:[email protected]]
> > Sent: Wednesday, August 12, 2009 11:15 PM
> > To: Y.J. Gu; alto
> > Subject: RE: [alto] [ALTO] Comments on
> > [draft-stiemerling-alto-info-redist-00]
> >
> > Dear Yingjie,
> >
> > I think the problem of redistributed ALTO-information is not
> > so easy, some comments below.
> >
> > Agreed, there may be certain use-cases where redistribution
> > may not be problematic. But consider the case where certain
> > information provided by an ALTO-server is _relative_ to that
> > ALTO-server's location in the network. If such information
> > gets redistributed, an ALTO-client not being aware of the
> > original ALTO-server's location may misinterpret this
> > information. In other words, by redistributing guidance
> > information, its original semantic might be disguised. I
> > think this is the problem being addressed in Martin's draft
> > and specifically in the quote above.
> >
>
> I think "Redistribution" should not be unlimited.
> First of all, not all information is redistributed.
> Second, redistributed information must include accurate ALTO SERVER
> INFORMATION, e.g. network position or name, and what kind of information it
> is, so that client can judge the usage of the information.
> Last but not least, client must cognize his ALTO SERVER INFORMATION and
> share a unified information description language among all clients, at least
> those in one application swarm.
> Richard Alimi gave excellent examples in his email. Of course, there may be
> other methods.
> By this means, client can find suitable redistributed information.
>
> > Indeed, a CA-hierarchy is the technical solution. However,
> > practically it is not always the case that two hosts on the
> > Internet share a trusted third party, and certainly there is
> > no overall Internet-wide CA hierarchy trusted by all hosts.
> > In P2PSIP-RELOAD, the assumption is that there is an
> > enrollment server, i.e., a certificate authority which
> > certifies identities in the P2P-network (DHT). In other
> > words, any peer who wants to join the P2PSIP network has to
> > enroll with this identity certification service. I do not
> > think that is a reasonable assumption for ALTO and I think
> > this was the point in the quote above.
> >
> > - Jan
>
> Instead of an overall trusted third party, a dedicated CA for a particular
> network position, neither too small nor too big, will work. Applications can
> make their clients cognize the dedicated CA as they notice clients about
> dedicated ALTO servers.

_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
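
As an added illustration of the requirement discussed in this message (not code from the thread, the draft, or any ALTO implementation): a client-side check that refuses redistributed guidance unless it carries the ALTO server information and the input parameters, and both fit the receiving client. The record layout, field names and function name are hypothetical, the addresses are constructed, and authenticity of the record (the CA question) is not covered.

```python
import ipaddress

# Hypothetical record layout: the thread names the metadata but defines no format.
REQUIRED = ("server_name", "server_position", "info_type", "input_params", "guidance")

def check_redistributed(record, client_ip, own_servers):
    """Decide whether guidance relayed by a peer is meaningful for this client.

    Returns (usable, reason). Authenticity of the record is out of scope here.
    """
    missing = [f for f in REQUIRED if f not in record]
    if missing:
        return False, "missing metadata: " + ", ".join(missing)
    if record["server_name"] not in own_servers:
        return False, "unknown ALTO server"
    try:
        addr = ipaddress.ip_address(client_ip)
        position = ipaddress.ip_network(record["server_position"])
        source = ipaddress.ip_network(record["input_params"]["source_prefix"])
    except (KeyError, TypeError, ValueError) as exc:
        return False, f"malformed metadata: {exc}"
    # Guidance computed for another source location answers a different question.
    if addr not in source:
        return False, "input parameters do not match this client"
    # Values relative to the server's location only make sense inside it.
    if record["info_type"] == "relative" and addr not in position:
        return False, "relative to a server position the client is not in"
    return True, "ok"

# Constructed sample record (documentation address ranges).
SAMPLE = {
    "server_name": "alto.isp-a.example",
    "server_position": "198.51.100.0/24",
    "info_type": "relative",
    "input_params": {"source_prefix": "198.51.100.0/25"},
    "guidance": {"192.0.2.0/24": 1, "203.0.113.0/24": 5},
}

if __name__ == "__main__":
    servers = {"alto.isp-a.example"}
    for ip in ("198.51.100.10", "203.0.113.7"):
        print(ip, check_redistributed(SAMPLE, ip, servers))
    stripped = {k: v for k, v in SAMPLE.items() if k != "input_params"}
    print(check_redistributed(stripped, "198.51.100.10", servers))
```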
