Skip to main content

Application-Layer Traffic Optimization (ALTO) Protocol
draft-ietf-alto-protocol-27

Yes

(Martin Stiemerling)
(Spencer Dawkins)

No Objection

(Adrian Farrel)
(Gonzalo Camarillo)

Abstain


Note: This ballot was opened for revision 25 and is now closed.

Martin Stiemerling Former IESG member
Yes
Yes (for -25) Unknown

                            
Spencer Dawkins Former IESG member
Yes
Yes (for -25) Unknown

                            
Adrian Farrel Former IESG member
No Objection
No Objection (for -26) Unknown

                            
Barry Leiba Former IESG member
No Objection
No Objection (2014-02-17 for -25) Unknown
Nothing blocking here, just comments... but please consider them, and I'd appreciate a chat about the last one.

-- Section 1.1 --

   At a high level, the ALTO Protocol specified in this document is a
   unidirectional interface that allows a network to publish its network
   information such as network locations, costs between them at
   configurable granularities, and endhost properties to network
   applications.  The information published by the ALTO Protocol should
   benefit both the network and the applications (i.e., the consumers of
   the information).  Either the operator of the network or a third-
   party (e.g., an information aggregator) can retrieve or derive
   related information of the network and publish it using the ALTO
   Protocol.  When a network provides information through the ALTO
   Protocol, we say that the network provides the ALTO Service.

But in Section 8.3.2, we have this:

   Where possible, the ALTO Protocol uses the HTTP GET method to request
   resources.  However, some ALTO services provide Information Resources
   that are the function of one or more input parameters.  Input
   parameters are encoded in the HTTP request's entity body, and the
   ALTO Client MUST use the HTTP POST method to send the parameters.

That says to me that this isn't unidirectional, and that it's not a question of "publishing" network information.  The client is actively querying, asking for specific information, sometimes using input parameters to pass query information to the server... and the server is responding to a specific query, not publishing common information -- the response will be different for different queries, and perhaps for the same query sent by different clients.

If I'm right, that's very different from publishing information, and it has very different security, privacy, and integrity properties.  A lot of information can be gleaned from specific queries a client might make and parameters it might use, especially when information is aggregated from many queries over time.

You do talk about risks to the client in Section 15.4.1, so I think the only issue here is that Section 1.1 is misleading.  Perhaps a bit of rephrasing will help?

-- Section 10.6 --

   Identifiers prefixed with 'priv:' are reserved for Private Use
   [RFC5226].  Identifiers prefixed with 'exp:' are reserved for
   Experimental use.  For an identifier with the 'priv:' or 'exp:'
   prefix, an additional string (e.g., company identifier or random
   string) MUST follow to reduce potential collisions.  For example, a
   short string after 'exp:' to indicate the starting time of a specific
   experiment is recommended.  All other identifiers that appear in an
   HTTP request or response with an 'application/alto-*' media type and
   indicate Cost Metrics MUST be registered in the ALTO Cost Metrics
   registry Section 14.2.

These aren't really "reserved"; the idea is that anyone can freely use such identifiers without worrying about registration?  This needs to be clear both to IANA and to implementors.  I'm also not sure how to interpret the "MUST" here.  The example gives a good clue, but... suppose Apple wants to use a private identifier.  Should that be "priv:apple:myid", "priv:apple-myid", "priv:apple_myid", "priv:applemyid", any of the above?  All "an additional string MUST follow" tells me is that I can't just use "priv:"... but "priv:x" would satisfy the MUST.  Is that sufficiently specified for you?

Similar comment for 10.8.2.

-- Section 14.2 --

   Identifiers prefixed with 'priv:' are reserved for Private Use.
   Identifiers prefixed with 'exp:' are reserved for Experimental use.

Related to the comment above, this should refer to Section 10.6 for more information.  You have a reference to 10.6 right before this, but I don't think it's enough to draw the eye there for this.  Maybe, "As specified in Section 10.6, indentifiers prefixed with 'priv:' are for Private Use, and identifiers prefixed with 'exp:' are for Experimental use."

-- Section 14.3 --

   The maintenance of this registry is similar to that of the preceding
   ALTO Cost Metrics.

I'd feel lots better if you explicitly pointed to Section 10.8.2 here.  Maybe, "The maintenance of this registry is similar to that of the preceding ALTO Cost Metrics, subject to the description in Section 10.8.2."

-- Sections 14.2, 14.3, 14.4, 14.5 --

All the new registries use IETF Review as their policy.  They do give a reason for that (thanks!), and I accept that reason.  I just have one question: is there really no desire for a provision for other SDOs, such as W3C, to create new entries?  Is the desire really for them to go through the IETF in the event that they want to do that?  You're probably fine here, but because this sort of requirement often paints us into a corner, I wanted to double check (or triple, or...).
Benoît Claise Former IESG member
No Objection
No Objection (2014-02-04 for -25) Unknown
From Jürgen, part of his OPS DIR review:

I enjoyed reading a very clear and well written document. As usual, I
appreciate the "Manageability Considerations" section, which provides
useful guidance.

For the monitoring part (16.1.4.), the document refers to
[I-D.ietf-alto-deployments]. While this I-D provides more discussion,
it still leaves it somewhat open how to effectively monitor the impact
ALTO has on the traffic. It seems difficult to me, within an ISP
network, to separate flows that are influences by an ALTO server from
other flows. The assumption that ALTO-enabled applications provide
that information back to an ISP running ALTO servers sounds a bit
idealistic to me. I also believe it is useful to distinguish
'measurement' from 'monitoring'. One likes to measure the impact an
ALTO server has on the traffic mix and one monitors the ALTO servers
whether they provides say function properly and achieve acceptable
response times.

Section 16.2.3. says "Monitoring ALTO Servers and Clients is described
in [I-D.ietf-alto-deployments]". Appendix A of this I-D talks about
monitoring (actually measuring) the effects of ALTO, but it does not
really talk about monitoring of ALTO servers or clients (e.g., is my
ALTO server getting overloaded?). Yes, some of this overlaps with
16.2.5 - perhaps provide a pointer.

Overall, I once again like to thank the authors for a very well
written document.

Editorial nits:

- p12: s/a defined groupings/defined groupings/

- p24: s/InforResourceDirectory/InfoResourceDirectory/

- p27: s/a the Retry-After/the Retry-After/

- p81: s/from a ALTO/from ALTO/

- p81: "The following is a list of suggested ALTO-specific to be
  monitored [...]" Missing noun?

- p86: s/are the rule/are the rules/
Gonzalo Camarillo Former IESG member
No Objection
No Objection (for -26) Unknown

                            
Jari Arkko Former IESG member
(was Discuss) No Objection
No Objection (2014-02-07 for -25) Unknown
The discussion about the Gen-ART review identified US-ASCII vs. UTF-8 string as a potential issue, and I agree. I can see that there was agreement on e-mail that a change shall be made. Expecting a new version to make the change.
Pete Resnick Former IESG member
No Objection
No Objection (2014-02-19 for -26) Unknown
I'd like to hear your response to Barry on his worry about a conflict between 1.1 and 8.3.2. I don't really see the conflict; just because a client can ask particular questions and get particular answers, or that some of the data in the answers is dynamic, doesn't make the information any less "published". I might agree that "unidirectional" is a strange term to use, but it is certainly "read-only".

Throughout the document: I'm not a big fan of the "we" language. I think it makes it sounds like an academic paper rather than a protocol spec. I prefer "this document" or "this protocol".

6.1.2:

   An ALTO Client SHOULD be cognizant of operations when a
   desired Cost Mode is not supported.

I don't know what an implementer is supposed to do with that sentence. There's nothing actionable there. What I think you mean is, "An ALTO Client MUST be able to support either mode." If that's not what you mean, then I don't know what is intended here.
   
6.1.2.2:

   It is important to note that the values in the Cost Map provided with
   the ordinal Cost Mode are not necessarily the actual costs known to
   the ALTO Server.

I ask this seriously: Why is it important to note that? And who exactly should note that? Are you trying to tell server implementers that they MAY produce values in the Cost Map based on things other than their internal cost metrics? Or are you telling client implementers that the Cost Map may not be completely representational of...something? I don't know what that sentence means or what it's import is.

8.3.3:

   ...the ALTO Server MAY provide...or return an ALTO error object...

That's a strange use of MAY. Giving the answer or giving an error don't seem like "options" in the traditional sense. I'd just say, "...the ALTO Server either provides...or returns an ALTO error object..."

8.3.6: s/MAY/can There's no protocol option being described here.

10.1 (and elsewhere in the document): If you want to be precise, you might change "alphanumeric characters" to "US-ASCII alphanumeric characters".

10.3: I don't think "and 'tag' is a case-sensitive string" adds anything, and in fact it might be confusing. You don't talk about case-sensitivity anywhere in the document, and the below paragraph already talks about "byte-for-byte equal". How about simply, "and tag is is an identifier string, as described in section 6.3".

11.5.1: "It is important to note..." It seems to me that this paragraph is simply saying, "How an ALTO Server calculates costs between individual endpoints is implementation dependent. For example, an ALTO Server could simply use the cost between the PIDs corresponding to the endpoints." I suggest that replacement.
Richard Barnes Former IESG member
(was Discuss) No Objection
No Objection (2014-02-05 for -25) Unknown
Section 7.1.1. doesn't seem like it says what it means; it seems like a network map contains multiple PIDs.

Section 7.1.1 would be more helpful if it said explicitly that the "pid" attribute is the PID for the endpoint in question.
Stephen Farrell Former IESG member
(was Discuss) No Objection
No Objection (2014-02-18 for -26) Unknown
Thanks for sorting my discuss points.

I'm not that keen on the "same trust domain" term in 12.3
to be honest. That is not something a client programmer
can check, and is also pretty weasel-wordy. I'd suggest
changing that to saying "deployed by the same entity"
or something.

---- OLD COMMENTS BELOW, not sure if they've been
handled.

- 2.2: How is a phone number an endpoint address?  Its not
really that good an idea to have not entirely obvious jokes.

- 3.2: I'm surprised that expiry isn't specified, or do you
mean ALTO depends on HTTP cache controls alone? (For
signatures, I can buy you want to wait for JOSE.)

- 8.3.7 is puzzling, is it a corollary that an ALTO server
MUST NOT set cookies? Good if so, maybe make that explicit
though?

- 12.3 - I agree with Joel's discuss. 

- 15 - all environments and use-cases require consideration
about attacks, its just easier for some.
Stewart Bryant Former IESG member
No Objection
No Objection (2014-02-05 for -25) Unknown
"The maintenance of this registry is similar to that of the preceding
 ALTO Cost Metrics."

You should be guided by IANA, but I think it would be better to
explicitly state the registration policy.
Joel Jaeggli Former IESG member
(was Discuss) Abstain
Abstain (2014-02-14 for -25) Unknown
was discuss

I can live with the proposed text that came out of the discussion. in any event I said I would do this.

formerly:
so I raised this issue during the LC,  and I'm I'm pretty sure I will clear
without changes but I wanted to discuss it.

section 12.3 has some pretty dire consequences in terms of the potential for
abuse  on the form of inadvertent disclosure or malicious (from the vantage
point of the client) traffic engineering. while the document deals with those
why/recommend/include it at all? The only cases where I would consider it
appropriate are where the alto server and either the client or server endpoints
are under a single administrative span of control.