1 / 15

draft-bryan-p2psip-reload-03

draft-bryan-p2psip-reload-03. Cullen Jennings Bruce Lowekamp Eric Rescorla Jonathan Rosenberg Salman Baset Henning Schulzrinne 3/14/2008. Outline. History of merged draft Goals of draft Terminology Architecture Security Clients Encoding Routing NAT Traversal Usages Open Issues.

glynn
Télécharger la présentation

draft-bryan-p2psip-reload-03

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. draft-bryan-p2psip-reload-03 Cullen Jennings Bruce Lowekamp Eric Rescorla Jonathan Rosenberg Salman Baset Henning Schulzrinne 3/14/2008

  2. Outline • History of merged draft • Goals of draft • Terminology • Architecture • Security • Clients • Encoding • Routing • NAT Traversal • Usages • Open Issues

  3. reload-01 tunnels, encoding ASP usages, via-lists P2PP unstructured overlays, diagnostics reload-02 new encoding, better nat traversal reload-03 History of Merged Draft • ASP, reload-01, and P2PP features merged into reload-03 (approx 300 pages merged into 115). • Key point: The authors agree on most of the fundamental aspects of the peer protocol • Incorporates lessons learned from at least four peer protocol implementations. Not exactly like any one of them.

  4. Open Issues • This is very much a work-in-progress. • There are still open issues. • The authors don’t agree on everything that’s in the draft. • Some aspects (e.g. unstructured) not completed. • We hope the document is correct, but repeated merges have not made it clearer. • Many open issues raised in draft. • Name itself is an open issue! • More on those later…

  5. Goals (1 of 2) • Base peer protocol capable of supporting demands of different application scenarios • Very small number of drafts specify a working system • ICE for non-SIP (NICE) and SIP Usage intended to be split • Avoid the hitchhiker’s guide problem • Pluggable components • DHT, service discovery • Functional, implementable base components • Favor implementation simplicity over completeness • Open issue where the group wants to go here

  6. Goals (2 of 2) • Secure • Certificates to authenticate peers and resources • Working assumption that peers are untrusted • Reputation models not currently in base draft • Interoperate with HIP • HIP offers exciting benefits to applications in a P2P setting • Several proposals with different architectures • Ongoing effort to ensure compatibility for future • Implementation does not require HIP

  7. Terminology • Three sources • draft-ietf-p2psip-concepts • IETF terminology (security areas, etc) • p2p community • Terminology from these three areas is often conflicting and not always consistent. • We still need ongoing effort to update p2psip-concepts.

  8. Architecture • Application • -------------------------------------- Usage-defined API • +-------+ +-------+ • Usage | SIP | | XMPP | ... • Layer | Usage | | Usage | • +-------+ +-------+ • -------------------------------------- Distributed Storage API • Overlay Overlay +-------------+ • Routing & Routing & +----+ | +-----+ | • Storage Replication | DB | | |Chord| ... | Topology • Layer Logic +----+ | | | | Plugins • | +-----+ | • +-------------+ • -------------------------------------- • +------+ +-----+ • Forwarding Forwarding & | STUN | | ICE | • Layer Encoding Logic +------+ +-----+ • -------------------------------------- Common Packet Encoding • Transport +-------+ +------+ • Layer |TLS | |DTLS | • +-------+ +------+

  9. Security • Base security on CA/enrollment server certificates • Enrollment server issues random Peer ID(s) • Enrollment server assigns resource ownership (AoR) • Data sent in a STORE request is versioned and signed • Signature is returned with the FETCH • No trust of the responsible peer is required (although responsible peer SHOULD enforce permission model) • Peers are identified by certificates specifying Peer ID • Restricts the form of attacks • Security of P2P overlays still probabilistic • Open Issue: Data (STORE/FETCH/TUNNEL) secrecy not specified • Considering CMS for signatures and secrecy

  10. Clients • Support for clients to do STORE/FETCH • Still allows them to provide services that are discovered in the overlay • Other purposes (data storage) left out for now as out of scope per IETF70 • Clients enroll in same manner as peer (have certificates) • Messages signed just as peer • Don’t actually participate in DHT routing • No special “client protocol” • Two reachability options • Reach through responsible peer (based on client’s ID) • Contact any peer in overlay • relies on source-based routing and multi-hop destination lists • Open Issue: or don’t authenticate client device, but only user/resource • Open Issue: client model needs more description in draft

  11. Encoding • Binary Protocol • Evolved from TLV • T and L only when not known from context • Major components • Forwarding header (source, dest, etc. more on next slide) • Body • Common header describes type of message, dictates remaining encoding • Signature over message • Body and portions of the header

  12. Routing • Header contains Destination and Via list • Destination list allows source-routing • Via-list allows symmetric responses • Route-log for recording/authenticating path separate • Preferred routing is symmetric • Like everything else, subject to WG decision • Has virtue of always working (NATs, joining, healing, etc)* • Other options possible (for example semi-recursive) • need to encode IP address(es) in all messages • need fallback to symmetric when response not directly returnable • Simplicity vs optimization • Expect that different DHT plug-ins and deployments will have different solutions (a global-scale system may only admit peers with public unfiltered IP addresses and use semi-recursive or iterative routing) *See Freedman et al Worlds’05 and Wu, Tian, and Wing IEEE P2P’06

  13. NAT Traversal • ICE • Subset of features, as envisioned by NICE • All peers implement STUN server • Overlay can be provisioned with STUN servers • Peers build list of useful STUN servers from connections • CONNECT method for peer protocol and applications • SIP session establishment • TUNNEL for applications • TURN servers • Open Issue: need for service discovery usages! • Open Issue: require capable peers to be TURN servers?

  14. Usages • STORE/FETCH <data> not enough • who can write, who can read (REGISTER vs voicemail) • what exactly is it, what format? • single value vs list (need atomic operations?) • Usages define kind-ids (type# in encoding), data structure, access control, size limits, Unhashed-ID, merger rules • Many to Many • Applications to Usages • Usages to Kind-ids • SIP Usage • SIP-REGISTRATION kind: AoR -> Contact (GRUU if on a peer) • SIP uses for CONNECT and TUNNEL for SIP dialogs • Depends on Certificate Store usage and TURN usage

  15. Open Issues • Service Discovery • Draft currently has (overly?) simple model • Scalability, locality, capacity • May not want in base draft • Simplicity vs Optimization • DHT • Routing • Transport Layer • Fragmentation, TCP over UDP • Hop-by-hop and end-to-end retransmissions • Data model • Fundamental storage types (more from Henning later)

More Related