[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [P2PSIP] D/TLS with client authentication

To: Eric Rescorla <ekr at rtfm.com>
Subject: Re: [P2PSIP] D/TLS with client authentication
From: Jouni Mäenpää <jouni.maenpaa at ericsson.com>
Date: Fri, 02 Oct 2009 08:49:47 +0300
Cc: "p2psip at ietf.org" <p2psip at ietf.org>
Delivered-to: p2psip at core3.amsl.com
In-reply-to: <d3aa5d00910011351i183e72f8q5be6f2b6e0237786 at mail.gmail.com>
List-archive: <http://www.ietf.org/mail-archive/web/p2psip>
List-help: <mailto:p2psip-request@ietf.org?subject=help>
List-id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-post: <mailto:p2psip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
References: <4AC41D9B.1040504 at idssoftware.com> <8BA1841D-F629-4243-8D0B-CDA730BDB942 at rtfm.com> <4AC5149A.1090308 at idssoftware.com> <d3aa5d00910011351i183e72f8q5be6f2b6e0237786 at mail.gmail.com>
User-agent: Thunderbird 2.0.0.17 (X11/20080925)

Hi,

>> Let's give it some more thought. With client authentication, any two
>> directly connected peers "trust" each other based on their overlay
>> credentials.  Therefore, single hop messages like DHT stablization can be
>> exchanged between them with no signature/certificates attached.  That's a
>> great saving to consider.
> 
> Yes, this is a potential optimization. But unless something is seriously
> wrong with the design (or the overlay is essentially quiescent), then
> this sort of stabilization traffic should be a small amount of the overall
> traffic, so it's not clear what the overall savings is.

Just one comment. I agree that if the overlay is experiencing very
little or no churn at all, the amount of stabilization traffic is rather
low. However, based on my experiences of running a P2P overlay in
PlanetLab, I would say that if the overlay is churning even at a
moderate rate, optimizations like this might well be worth doing. When
there is churn, you need to increase the amount of stabilization
messages and it is not unusual that a considerable percentage of the
total traffic is stabilization traffic.

-Jouni

References:
- [P2PSIP] D/TLS with client authentication
  - From: Michael Chen
- Re: [P2PSIP] D/TLS with client authentication
  - From: Eric Rescorla
- Re: [P2PSIP] D/TLS with client authentication
  - From: Michael Chen
- Re: [P2PSIP] D/TLS with client authentication
  - From: Eric Rescorla

Prev by Date: Re: [P2PSIP] D/TLS with client authentication
Next by Date: Re: [P2PSIP] D/TLS with client authentication
Previous by thread: Re: [P2PSIP] D/TLS with client authentication
Next by thread: Re: [P2PSIP] D/TLS with client authentication
Index(es):
- Date
- Thread