Hi Haibin,

Thanks for the reply - it is good that we can discuss CPID in this context :)

On Thursday 17 December 2009 9:46:11 pm Song Haibin wrote:
> Hi Rich and Enrico,
>
> I also like the categorization. Generally I agree with most of what you
> said here. Actually in section 3.1 "ISP privacy" and section 3.2 "P2P
> privacy" in draft-wang-alto-privacy-load-analysis, we have covered (1) and
> (2). That's also why we suggested CPID option. Since each peer has a CPID
> and the cost can be calculated with CPIDs directly.
> ISPs don't have to
> give the full map to P2P applications

(See below for my comments on this..)

> while P2P applications will not have
> their behaviors monitored by ISPs.

Yes - this is true in both CPID and the maps-based approaches.

> You don't have to worry about your CPID
> information being theft by other peers, it is useless to them.

Can you clarify what you mean by CPID "theft"?

> The
> benefits of CPID option include not only the obscuration of ISP
> information,

Can you be more specific here? By "ISP information", do you mean a list of PIDs and the costs amongst the PIDs?

If you do mean that it obscures the PIDs and the costs amongst PIDs, I think it can be dangerous to make this claim. Just because the information isn't given away all at once doesn't make it any more "private." For example, it is entirely possible for a set of peers to each query for their own CPIDs, send them to a central server, and have the central server compute the pairwise costs.

My feeling is that we should be cautious about solutions that give some party (either ISP or P2P applications) a false sense of privacy or security.

> but also simple and light-weight (each peer has to maintain
> much smaller information).

This could be a benefit if the maps are extremely large (e.g., something on the order of what Enrico had mentioned in his presentation in Hiroshima).

> I'm concerned about the logic between (3a), (3b) and (3c). Like Enrico
> said, ALTO servers SHOULD NOT provide anyone with information they don't
> want to get redistributed. Then I don't see any necessity to encrypt the
> ALTO information. That means, we don't need to have mechanisms to solve
> (3a) and (3b).

As I mentioned in my response to Enrico's post, I disagree with the wording here. A provider should have the right to distribute certain information only to authorized parties (and protect it in transit from unauthorized parties). For example, an ISP could provide customized topology information to certain partners.

Of course, solving (3a) and (3b) doesn't entail us inventing anything new. If we stick with HTTP, there are already solutions ready for use.

> But we still need to have signature or something to prevent
> the information being modified and to make sure it is from the right ALTO
> server.

Yes. It sounded like there was some interest in pursuing this from the meeting in Hiroshima.

--
Richard Alimi
Department of Computer Science
Yale University
