Sebastian,

Yes, a client can get the full map ... but the map does change. So the
client needs to refresh it periodically. How often? No way to tell.

I think the critical question is how often a client needs an ALTO cost. A
busy p2p tracker that does 5 ALTO lookups a second should certainly
download the full map and do its own lookups. And refresh/check the map
every 30 minutes, every hour, whatever.

But I suspect very few ALTO clients will use ALTO that heavily. My guess
is that for most clients, the time-between-lookups will be roughly the
same as the period for refreshing the cost map. In that case, the client
is better off sending an endpoint-cost query each time.

BTW, I've written several applications that use an ALTO server. In each
case, I used the endpoint-cost service, simply because that was easier
than getting the full map, caching it, defining a refresh period, checking
the map when the period was up, synchronizing access in a multi-threaded
application, etc, etc.

Again, I suggest letting the marketplace decide. If customers really want
full cost maps, ALTO providers will offer them.

Put it another way: I think the decision to offer a full cost-map is a
"policy" issue rather than "mechanism" issue -- and I think RFCs should
define "mechanisms", and leave the "policies" to the folks who implement
those protocols. I realize that opinion may be extreme, so the rest of
you, feel free to comment!

- Wendy Roome

>From: Sebastian Kiesel <[email protected]>
>Subject: Re: [alto] Security problem: DoS attacks via overload
> .....
>3. The cost map is a simple "tell me all you know" thing that can be
> pre-computed and cached. If we abandon it, clients might be tempted
> to ask multiple queries to gather as much information as possible,
> each possibly causing server-side computations.
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto