Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Y. Richard Yang
Sent: Tuesday, July 01, 2014 8:09 PM
To: Sebastian Kiesel
Cc: IETF ALTO
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

On Mon, Jun 30, 2014 at 10:35 AM, Sebastian Kiesel ietf-a...@skiesel.de wrote:

On Fri, Jun 27, 2014 at 12:16:16PM -0500, Vijay K. Gurbani wrote:

On 06/26/2014 04:58 AM, Scharf, Michael (Michael) wrote:

Haibin asked me to send the following comment from a private discussion also to the list:

Section 3.3 of draft-deng-alto-p2p-ext-01 suggests a new Endpoint Property Type network_access for P2P peer selection. As far as I recall, this type of ALTO guidance was discussed in the past quite a bit, and there may have been privacy concerns. For instance, draft-ietf-alto-deployments-09 Section 3.2.4. includes the following statement:

o Performance metrics that raise privacy concerns. For instance, it has been questioned whether an ALTO service could publicly expose the provisioned access bandwidth, e.g. of cable / DSL customers, because this could enables identification of premium customers.

That text was already in draft-ietf-alto-deployments before I started to edit this document. For P2P use cases, I wonder whether that concern might (still) apply to endpoint properties such as DSL vs. FTTH as currently suggested in draft-deng-alto-p2p-ext-01.

[As individual, of course.] I suspect the type of network access (DSL, cable, FTTH, satellite) is probably okay. Commercial companies often publicly tout the deployment of certain access technologies in neighbourhoods.

I know some neighborhoods where FTTH is available, but at very high prices. Consequently, many people there prefer to keep their existing xDSL or cable based Internet service. If we used ALTO to announce who decided to pay the high price for FTTH, I would consider this as a potential privacy concern, because this would be some kind of list of households with better-than-average income and/or computer professionals or enthusiasts living there.

This is an interesting example, and provides a case where access control may be used. I always expect that there should be an access control mechanism, in given settings, to limit the information exposure of ALTO info. I can imagine that this can be endhost opt-in, or provider control (e.g., only certain trusted entities can access the URL).

[邓灵莉/Lingli Deng] Good idea. Greater flexibility can be delivered by access control at the discretion of both the network operator and the individual subscriber.

Richard

Sebastian

___
alto mailing list
alto@ietf.org
https://www.ietf.org/mailman/listinfo/alto
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
On 06/28/2014 01:00 AM, Songhaibin (A) wrote:

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

So just ranking a list of endpoints from the perspective of provisioned bandwidth will alleviate the privacy issue. I think it is possible to do it in this way.

Haibin: Yes, that is one potential way to alleviate the privacy issue if a provisioned bandwidth is necessary for an ALTO service. Reinaldo has provided some input as well; my preference would be to start thinking of such privacy issues right at the onset so we have a reasonable idea of the pros and cons of any solution that the WG comes up with.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
On 06/28/2014 12:55 AM, Songhaibin (A) wrote:

However, I also suspect that the privacy concerns on *provisioned* access bandwidth are still intact since they will tend to point to subscribers that are outliers.

I'm not sure I understand this sentence due to my poor English. By outlier do you mean some exceptional/abnormal provisioned bandwidth value bound to an endpoint property?

Haibin: Your English is excellent, and yes, that is what I meant.

If the endpoints with higher provisioned access bandwidth would be pointed more often than other endpoints, you imply the privacy concern is: those endpoints do not want to be recognized?

It's more than those endpoints don't want to be recognized, the question is: has the subscriber corresponding to the endpoint provided consent to allow his/her provisioned bandwidth to be distributed by ALTO?

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
On Fri, Jun 27, 2014 at 12:16:16PM -0500, Vijay K. Gurbani wrote:

On 06/26/2014 04:58 AM, Scharf, Michael (Michael) wrote:

Haibin asked me to send the following comment from a private discussion also to the list:

Section 3.3 of draft-deng-alto-p2p-ext-01 suggests a new Endpoint Property Type network_access for P2P peer selection. As far as I recall, this type of ALTO guidance was discussed in the past quite a bit, and there may have been privacy concerns. For instance, draft-ietf-alto-deployments-09 Section 3.2.4. includes the following statement:

o Performance metrics that raise privacy concerns. For instance, it has been questioned whether an ALTO service could publicly expose the provisioned access bandwidth, e.g. of cable / DSL customers, because this could enables identification of premium customers.

That text was already in draft-ietf-alto-deployments before I started to edit this document. For P2P use cases, I wonder whether that concern might (still) apply to endpoint properties such as DSL vs. FTTH as currently suggested in draft-deng-alto-p2p-ext-01.

[As individual, of course.] I suspect the type of network access (DSL, cable, FTTH, satellite) is probably okay. Commercial companies often publicly tout the deployment of certain access technologies in neighbourhoods.

I know some neighborhoods where FTTH is available, but at very high prices. Consequently, many people there prefer to keep their existing xDSL or cable based Internet service. If we used ALTO to announce who decided to pay the high price for FTTH, I would consider this as a potential privacy concern, because this would be some kind of list of households with better-than-average income and/or computer professionals or enthusiasts living there.

Sebastian
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
-Original Message-
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Reinaldo Penno (repenno)
Sent: Saturday, June 28, 2014 7:55 PM
To: Songhaibin (A); Vijay K. Gurbani; alto@ietf.org
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

I'm not talking about on-demand available bandwidth. It is the bandwidth configured in the application. It is a configured value. Just take a look at any utorrent client.

[邓灵莉/Lingli Deng] I am a little bit confused here. If the cap is configured in the app, then why would the app's tracker bother to query an ALTO server for this value? It seems to me that ALTO should be providing more general information that would assist a group of applications, rather than a single one. Make sense?

A utorrent client will never use more than that amount of bandwidth, no matter your provisioned bandwidth.

From: Songhaibin (A) [haibin.s...@huawei.com]
Sent: Friday, June 27, 2014 11:09 PM
To: Reinaldo Penno (repenno); Vijay K. Gurbani; alto@ietf.org
Subject: RE: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Hi Reinaldo,

Thank you and I think you raised a very good question. I totally agree that available bandwidth is more useful than provisioned bandwidth. But available bandwidth is rather dynamic, and it is very hard to measure it and provide the real-time status to ALTO clients. With providing provisioned bandwidth, it can be seen with a high probability a client can select a better peer. It is better than random IMO. But if there is an easy method to rank the available bandwidth of a peer list, I will be very interested.

BR,
-Haibin

-Original Message-
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Reinaldo Penno (repenno)
Sent: Saturday, June 28, 2014 1:33 AM
To: Vijay K. Gurbani; alto@ietf.org
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Another point is how's the provisioned access bandwidth really help decide which peers are better. Today most P2P software allows caps to be put for upload/download and people use it. Some come with a default based on the % of the detected access speed. So, saying a user has 1Gb/s does not really mean you will get better performance when connecting to him(er). I mean, it would be more in line with better than random to get the actual bandwidth allowed.

On 6/27/14, 10:26 AM, Vijay K. Gurbani v...@bell-labs.com wrote:

[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
Hi Vijay,

Thanks again,

-Original Message-
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Vijay K. Gurbani
Sent: Saturday, June 28, 2014 1:27 AM
To: alto@ietf.org
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

So just ranking a list of endpoints from the perspective of provisioned bandwidth will alleviate the privacy issue. I think it is possible to do it in this way.

BR,
-Haibin

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
Hi Reinaldo,

Thank you and I think you raised a very good question. I totally agree that available bandwidth is more useful than provisioned bandwidth. But available bandwidth is rather dynamic, and it is very hard to measure it and provide the real-time status to ALTO clients. With providing provisioned bandwidth, it can be seen with a high probability a client can select a better peer. It is better than random IMO. But if there is an easy method to rank the available bandwidth of a peer list, I will be very interested.

BR,
-Haibin

-Original Message-
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Reinaldo Penno (repenno)
Sent: Saturday, June 28, 2014 1:33 AM
To: Vijay K. Gurbani; alto@ietf.org
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Another point is how's the provisioned access bandwidth really help decide which peers are better. Today most P2P software allows caps to be put for upload/download and people use it. Some come with a default based on the % of the detected access speed. So, saying a user has 1Gb/s does not really mean you will get better performance when connecting to him(er). I mean, it would be more in line with better than random to get the actual bandwidth allowed.

On 6/27/14, 10:26 AM, Vijay K. Gurbani v...@bell-labs.com wrote:

[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
I'm not talking about on-demand available bandwidth. It is the bandwidth configured in the application. It is a configured value. Just take a look at any utorrent client. A utorrent client will never use more than that amount of bandwidth, no matter your provisioned bandwidth.

From: Songhaibin (A) [haibin.s...@huawei.com]
Sent: Friday, June 27, 2014 11:09 PM
To: Reinaldo Penno (repenno); Vijay K. Gurbani; alto@ietf.org
Subject: RE: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Hi Reinaldo,

Thank you and I think you raised a very good question. I totally agree that available bandwidth is more useful than provisioned bandwidth. But available bandwidth is rather dynamic, and it is very hard to measure it and provide the real-time status to ALTO clients. With providing provisioned bandwidth, it can be seen with a high probability a client can select a better peer. It is better than random IMO. But if there is an easy method to rank the available bandwidth of a peer list, I will be very interested.

BR,
-Haibin

-Original Message-
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Reinaldo Penno (repenno)
Sent: Saturday, June 28, 2014 1:33 AM
To: Vijay K. Gurbani; alto@ietf.org
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Another point is how's the provisioned access bandwidth really help decide which peers are better. Today most P2P software allows caps to be put for upload/download and people use it. Some come with a default based on the % of the detected access speed. So, saying a user has 1Gb/s does not really mean you will get better performance when connecting to him(er). I mean, it would be more in line with better than random to get the actual bandwidth allowed.

On 6/27/14, 10:26 AM, Vijay K. Gurbani v...@bell-labs.com wrote:

[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
Hi Reinaldo,

Right. This kind of configured fixed bandwidth cap is useful, and we could also collect that information as an Endpoint property. Configuration can be in several different ways. When an endpoint sets its percentage of bandwidth for this particular application, in this case, the bandwidth is dynamic, because in peak hours the ISP may not guarantee bandwidth for the subscribers (at least it is true for the ISPs in China, during the evening hours). And an endpoint can also configure one type of application as having higher priority than other types, for example, web browsing has priority over p2p. In this case, the available bandwidth is also dynamic for p2p.

BR,
-Haibin

-Original Message-
From: Reinaldo Penno (repenno) [mailto:repe...@cisco.com]
Sent: Saturday, June 28, 2014 7:55 PM
To: Songhaibin (A); Vijay K. Gurbani; alto@ietf.org
Subject: RE: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

I'm not talking about on-demand available bandwidth. It is the bandwidth configured in the application. It is a configured value. Just take a look at any utorrent client. A utorrent client will never use more than that amount of bandwidth, no matter your provisioned bandwidth.

From: Songhaibin (A) [haibin.s...@huawei.com]
Sent: Friday, June 27, 2014 11:09 PM
To: Reinaldo Penno (repenno); Vijay K. Gurbani; alto@ietf.org
Subject: RE: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Hi Reinaldo,

Thank you and I think you raised a very good question. I totally agree that available bandwidth is more useful than provisioned bandwidth. But available bandwidth is rather dynamic, and it is very hard to measure it and provide the real-time status to ALTO clients. With providing provisioned bandwidth, it can be seen with a high probability a client can select a better peer. It is better than random IMO. But if there is an easy method to rank the available bandwidth of a peer list, I will be very interested.

BR,
-Haibin

-Original Message-
From: alto [mailto:alto-boun...@ietf.org] On Behalf Of Reinaldo Penno (repenno)
Sent: Saturday, June 28, 2014 1:33 AM
To: Vijay K. Gurbani; alto@ietf.org
Subject: Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?

Another point is how's the provisioned access bandwidth really help decide which peers are better. Today most P2P software allows caps to be put for upload/download and people use it. Some come with a default based on the % of the detected access speed. So, saying a user has 1Gb/s does not really mean you will get better performance when connecting to him(er). I mean, it would be more in line with better than random to get the actual bandwidth allowed.

On 6/27/14, 10:26 AM, Vijay K. Gurbani v...@bell-labs.com wrote:

[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
On 06/26/2014 04:58 AM, Scharf, Michael (Michael) wrote:

Haibin asked me to send the following comment from a private discussion also to the list:

Section 3.3 of draft-deng-alto-p2p-ext-01 suggests a new Endpoint Property Type network_access for P2P peer selection. As far as I recall, this type of ALTO guidance was discussed in the past quite a bit, and there may have been privacy concerns. For instance, draft-ietf-alto-deployments-09 Section 3.2.4. includes the following statement:

o Performance metrics that raise privacy concerns. For instance, it has been questioned whether an ALTO service could publicly expose the provisioned access bandwidth, e.g. of cable / DSL customers, because this could enables identification of premium customers.

That text was already in draft-ietf-alto-deployments before I started to edit this document. For P2P use cases, I wonder whether that concern might (still) apply to endpoint properties such as DSL vs. FTTH as currently suggested in draft-deng-alto-p2p-ext-01.

[As individual, of course.] I suspect the type of network access (DSL, cable, FTTH, satellite) is probably okay. Commercial companies often publicly tout the deployment of certain access technologies in neighbourhoods.

However, I also suspect that the privacy concerns on *provisioned* access bandwidth are still intact since they will tend to point to subscribers that are outliers.

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
Another point is how's the provisioned access bandwidth really help decide which peers are better. Today most P2P software allows caps to be put for upload/download and people use it. Some come with a default based on the % of the detected access speed. So, saying a user has 1Gb/s does not really mean you will get better performance when connecting to him(er). I mean, it would be more in line with better than random to get the actual bandwidth allowed.

On 6/27/14, 10:26 AM, Vijay K. Gurbani v...@bell-labs.com wrote:

[Still as individual.]

On 06/26/2014 05:10 AM, Songhaibin (A) wrote:

Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol.

The difference, of course, being that the ISP in some manner consented to having a normalized value of cost to be distributed in order to allow for better than random selections to improve network performance. In the case under discussion, the issue is does the subscriber consent to having their provisioned bandwidth be part of ALTO calculations?

Remember, if the WG decides to go ahead and use provisioned bandwidth anyway, it could always do so. But then we'd better be prepared to deal with the eventuality on when (and if) the IESG challenges us on this privacy leak. If that happens, we'd better have a good response.

Perhaps a midway could be to see if we can use the provisioned bandwidth for a set of (anonymous) subscribers instead of singleton subscribers. That way, the larger herd provides some modicum of anonymity to an individual subscriber who is part of the herd.

Cheers,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurb...@alcatel-lucent.com
Web: http://ect.bell-labs.com/who/vkg/ | Calendar: http://goo.gl/x3Ogq
Re: [alto] Potential privacy issue in draft-deng-alto-p2p-ext-01?
Hi Michael,

Thank you very much for your comments and sending the comment to the list! And in my memory, there was debate in this working group about the privacy of network access type. But I do not remember there was a consensus. Thank you very much for pointing it out.

I think even some people may have concern on it, but those properties could be used in some constrained environment. Or use it in another way. Sebastian gave an idea that we can use relative numbers to indicate the endpoint's provisioned bandwidth instead of access type, which is similar to what we have used to indicate the cost in the alto protocol. I think this is more useful than access type, and can also somewhat relieve the privacy concern?

BR,
-Haibin

-Original Message-
From: Scharf, Michael (Michael) [mailto:michael.sch...@alcatel-lucent.com]
Sent: Thursday, June 26, 2014 5:59 PM
To: IETF ALTO
Cc: Songhaibin (A)
Subject: Potential privacy issue in draft-deng-alto-p2p-ext-01?

Haibin asked me to send the following comment from a private discussion also to the list:

Section 3.3 of draft-deng-alto-p2p-ext-01 suggests a new Endpoint Property Type network_access for P2P peer selection. As far as I recall, this type of ALTO guidance was discussed in the past quite a bit, and there may have been privacy concerns. For instance, draft-ietf-alto-deployments-09 Section 3.2.4. includes the following statement:

o Performance metrics that raise privacy concerns. For instance, it has been questioned whether an ALTO service could publicly expose the provisioned access bandwidth, e.g. of cable / DSL customers, because this could enables identification of premium customers.

That text was already in draft-ietf-alto-deployments before I started to edit this document. For P2P use cases, I wonder whether that concern might (still) apply to endpoint properties such as DSL vs. FTTH as currently suggested in draft-deng-alto-p2p-ext-01.

Michael
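
Added example (not part of the thread, and not code from any ALTO draft or implementation): a sketch of the three mitigations raised above taken together, namely subscriber opt-in, disclosure for a herd of subscribers rather than a single one, and a relative rank instead of the bandwidth value. The names Subscriber, K_MIN, herd_ranks, endpoint_property and rank_peers, the use of the median, the threshold of 3 and all sample data are assumptions made for illustration.

```python
"""Herd-level, opt-in, rank-only disclosure of provisioned bandwidth.

Constructed sample data; every name here is hypothetical and does not come
from an ALTO draft or implementation.
"""
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Optional

K_MIN = 3  # assumed minimum herd size before anything is disclosed


@dataclass(frozen=True)
class Subscriber:
    endpoint: str          # endpoint address as a client would name it
    herd: str              # aggregation group, e.g. an access area
    provisioned_mbps: int  # per-subscriber value that must stay private
    opted_in: bool         # consent to be part of the calculation


# Constructed sample: documentation addresses (RFC 5737), made-up values.
SUBSCRIBERS: List[Subscriber] = [
    Subscriber("192.0.2.1", "area-a", 16, True),
    Subscriber("192.0.2.2", "area-a", 16, True),
    Subscriber("192.0.2.3", "area-a", 1000, True),    # FTTH outlier
    Subscriber("192.0.2.4", "area-a", 50, False),     # no consent given
    Subscriber("198.51.100.1", "area-b", 100, True),
    Subscriber("198.51.100.2", "area-b", 100, True),
    Subscriber("198.51.100.3", "area-b", 200, True),
    Subscriber("203.0.113.1", "area-c", 1000, True),  # herd below K_MIN
    Subscriber("203.0.113.2", "area-c", 1000, True),
]


def herd_ranks(subs: List[Subscriber], k_min: int = K_MIN) -> Dict[str, int]:
    """Rank herds by median bandwidth of consenting members (1 = fastest).

    Herds with fewer than k_min consenting members are left out entirely,
    so a small group cannot be used to single out its members.
    """
    values: Dict[str, List[int]] = {}
    for s in subs:
        if s.opted_in:
            values.setdefault(s.herd, []).append(s.provisioned_mbps)
    medians = {h: median(v) for h, v in values.items() if len(v) >= k_min}
    # Highest median first; herd name breaks ties deterministically.
    ordered = sorted(medians, key=lambda h: (-medians[h], h))
    return {herd: rank for rank, herd in enumerate(ordered, start=1)}


def endpoint_property(endpoint: str, subs: List[Subscriber],
                      k_min: int = K_MIN) -> Optional[int]:
    """Value disclosed for one endpoint: its herd's rank, or None.

    None covers three cases that look identical to the client: unknown
    endpoint, subscriber without consent, and herd below k_min.
    """
    ranks = herd_ranks(subs, k_min)
    for s in subs:
        if s.endpoint == endpoint and s.opted_in:
            return ranks.get(s.herd)
    return None


def rank_peers(candidates: List[str], subs: List[Subscriber]) -> List[str]:
    """Order a candidate peer list using only the disclosed herd ranks.

    Endpoints with no disclosed property sort last; ties keep input order.
    """
    def key(ep: str) -> int:
        rank = endpoint_property(ep, subs)
        return rank if rank is not None else len(subs) + 1
    return sorted(candidates, key=key)


if __name__ == "__main__":
    for sub in SUBSCRIBERS:
        print(sub.endpoint, endpoint_property(sub.endpoint, SUBSCRIBERS))
```

In the sample, the 1000 Mbit/s subscriber in area-a receives the same value as its 16 Mbit/s neighbours, and the two-member herd in area-c is suppressed altogether.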