Skip to main content

Peer-to-Peer Streaming Peer Protocol (PPSPP)
draft-ietf-ppsp-peer-protocol-12

Note: This ballot was opened for revision 10 and is now closed.

Martin Stiemerling Former IESG member
(was Discuss, Yes) Yes
Yes (2014-07-09 for -10) Unknown
The authors have an updated draft ready which addresses IANA's concerns. The updated draft will be posted after the 7/10 IESG telechat. 

Here is the text proposed by IANA:
OLD:
IANA is to create the new registries defined below for the
   extensibility of the protocol.  For all registries, assignments
   consist of a name and its associated value.  Also for all registries,
   the "Unassigned" ranges designated are governed by the policy 'IETF
   Review' as described in [RFC5226].

NEW:
This document is to create a new top-level registry called 
"Peer-to-Peer Streaming Peer Protocol (PPSPP)", which will host 
the six new sub-registries defined below for the extensibility 
of the protocol.  For all registries, assignments
   consist of a name and its associated value.  Also for all registries,
   the "Unassigned" ranges designated are governed by the policy 'IETF
   Review' as described in [RFC5226].
Adrian Farrel Former IESG member
No Objection
No Objection (2014-12-17) Unknown
There are plenty of comments from other ADs and little more is left to be said.

---

It all feels a bit Experimental to me, but I'll leave that to the
judgement of the responsible AD.

---

Section 3.4 is a bit mixed with respect to the transport.
It talks about "if PPSPP is run over an unreliable transport protocol",
but the only transport defined is UDP so the "if" is unnecessary and the
subsequent clause is pointless. This is confirmed by the text later in
the paragraph that confirms that LEDBAT is used and so implicitly 
confirms that UDP is used.

Should be simple enough to tidy up.
Alia Atlas Former IESG member
No Objection
No Objection (2014-07-09 for -10) Unknown
In general, I found this draft very clear and understandable.  I do understand Richard's discuss that the specific message send-responses aren't given concisely, but I think it is understandable.

In Sec 4.2, section after Figure 2:
  Please s/chunk 0..3/chunk C0..C3  and s/chunks 0 and 1/s chunks C0 and C1

  This is just because I had to read it 3 times to stop being confused
  between the bin numbers and the chunk numbers, so I'd ask for
  consistency.

In Sec 5.2, first paragraph:
  Please change 
  "For chunk C4 its uncles are nodes 13 and 3, marked with * in the figure." to
  "For chunk C4 its uncles are nodes 13 and 3 and its sibling is 10; all marked with a * in the figure."

In Sec 7.8, the bit figure only goes to bit 12 instead of bit 16 - but
the range of CAM and the length listed is 8.

In Sec 7.9, can you please add a reference to Table 6 where appropriate?


Sec 8.1: typo: mebibyte

Sec 8.1: The paragraph on PLPMTUD is a bit confusing.  Presumably this
is between two peers - but the chunk sizes used by the swarm would be
specified by the initial seeder.  Thus I can see the PLPMTUD variant
being useful to decide upon the PPSPP datagram size, but not the chunk
size.  Could you please clarify either what I'm missing?

Sec 8.13: typo in first line: s/PEX_RES/PEX_RESv4
Alissa Cooper Former IESG member
(was Discuss) No Objection
No Objection (2014-12-16) Unknown
Thanks for addressing my discuss and comment points.
Barry Leiba Former IESG member
No Objection
No Objection (2014-07-09 for -10) Unknown
Nice work.  This is a well written document, and what looks like a solid protocol.

General question on the chunking:
Is it the case that a given piece of content is chunked in a specific way, with known chunk IDs, such that every peer that's serving that content up (at least in the same swarm) uses the same chunks with the same chunk IDs?  One can guess that from the way things work, but shouldn't the document say that?  Or does it, and I missed it?

-- Section 3.7 --

   When peer Q receives multiple REQUESTs from the same peer
   P, peer Q SHOULD process the REQUESTs in the order received.

What happens if it doesn't?  Is there an interoperability issue here?  A performance issue?  Or what?  (That is, why is this a 2119 SHOULD?)

-- Section 5.3 --

   Thus, as a datagram carries zero or more messages, neither messages
   nor message interdependencies SHOULD span over multiple datagrams.

The negatives in this sentence really make the SHOULD a hidden SHOULD NOT, and its meaning is unclear.  I think it would be clearer if it were worded that way:

NEW
   Thus, as a datagram carries zero or more messages, both messages
   and message interdependencies SHOULD NOT span multiple datagrams.
END

-- Section 12.1.1 --
Nit: "setup" is a noun; "set up" is a verb.  In these two sentences, "setup" should be changed to "set up":

   A content provider wishing to use PPSPP to distribute content should
   setup at least one PPSPP server.

   In addition, a content provider should setup a tracking facility for
   the content by configuring, for example, a PPSP tracker
Benoît Claise Former IESG member
No Objection
No Objection () Unknown

                            
Brian Haberman Former IESG member
No Objection
No Objection (2014-12-15) Unknown
I support Richard's discuss on the viability of this document as a protocol specification and Alissa's point on the use of LEDBAT.
Jari Arkko Former IESG member
No Objection
No Objection (2014-07-08 for -10) Unknown
There has not been a response to Christer Holmberg's Gen-ART review. Do the authors have a view on the questions he asked?

For what it is worth, when I read sections 8.14 and 8.15 they do not give as precise instruction for the implementer about how to handle keepalives and dead peer detection as I’d personally like to see. Perhaps a sentence could be added to explain what a node does (or stops doing) when it declares a peer dead.
Kathleen Moriarty Former IESG member
(was Discuss) No Objection
No Objection (2015-02-26) Unknown
Thanks for responding on the SecDir review and for the responses on integrity checking in particular.
Pete Resnick Former IESG member
No Objection
No Objection (2014-12-18) Unknown
2.2 - s/disjunct/disjoint

3.1.1 -

OLD
   2.  The receiving peer Q checks the HANDSHAKE message from peer P.
       If any check by Q fails, Q MUST NOT send a HANDSHAKE (or any
       other) message back, as the message from P may have been spoofed
       (see Section 13.1).  Only if P and Q are in the same swarm, and Q
       is interested in communicating with P, Q MUST a datagram to P
       that starts with a HANDSHAKE message.  This reply HANDSHAKE MUST
       contain:
NEW
   2.  The receiving peer Q checks the HANDSHAKE message from peer P.
       If any check by Q fails, or if P and Q are not in the same swarm,
       Q MUST NOT send a HANDSHAKE (or any other) message back, as the
       message from P may have been spoofed (see Section 13.1). 
       Otherwise, if Q is interested in communicating with P, Q sends a
       datagram to P that starts with a HANDSHAKE message.  This reply
       HANDSHAKE MUST contain:
END

3.10.1 - "Physically"? I think you can strike that.

4.3.1 - s/MUST send/sends

5.2 - s/MUST receive/needs

5.3 -

OLD
   In short, the sender MUST put into the datagram the hashes he
   believes are necessary for the receiver to verify the chunk.
NEW
   In short, the sender MUST put into the datagram the hashes that
   are necessary for the receiver to verify the chunk.
   
I don't understand what the sender's beliefs have to do with this.

1.1 says, "PPSPP is a generic protocol which can run directly on top of UDP, TCP, or other protocols." Section 8 says, "PPSPP implementations MUST use UDP as transport protocol and MUST use LEDBAT for congestion control [RFC6817].". One of those two statements is lying.

8.5-8.13 - I was really confused for a moment becuase the destination channel ID did not appear in any of these sections. Either show it, or say somewhere that it is left out of all of these sections.
Richard Barnes Former IESG member
(was Discuss) No Objection
No Objection (2015-03-19) Unknown
"In general, no error codes or responses are used in the protocol; absence of any response indicates an error." -- This made me do a bit of a double-take.  Obviously, the requesting peer should timeout if the responding peer doesn't respond, but are there really no cases where the responding peer knows there's a problem and wants to report it?  It seems like the CHOKE message is an indication of this sort.

I have cleared based on the text in 3.1.1, which at least defines how an initial connection is made.  I would encourage the authors, however, to consider whether there are other protocol interactions for which similarly detailed instructions would be useful.
Spencer Dawkins Former IESG member
No Objection
No Objection (2014-07-07 for -10) Unknown
In this text: 

3.  Messages

   In general, no error codes or responses are used in the protocol;
   absence of any response indicates an error.  

Is there accurate qualifier more narrow than "in general" that you could substitute? In a quick scan, the only other instances of "error" are "ICMP error", so maybe you don't need a qualifier at all?

In this text: 

3.1.  HANDSHAKE

   After the handshakes are exchanged, the initiator knows that the peer
   really responds.  Hence, the second datagram the initiator sends MAY
   already contain some heavy payload, e.g.  DATA messages.  To minimize
   the number of initialization round-trips, the first two datagrams
   exchanged MAY also contain some minor payload, e.g.  HAVE messages to
   indicate the current progress of a peer or a REQUEST (see
   Section 3.7), but MUST NOT include any DATA message.

This was difficult for me to parse, and the words "heavy" and "minor" didn't help me understand. Is this saying something like "Peers don't include DATA messages in payloads they send unless they've akwa successfully exchanged messages"? If that's not what's meant, is there a list of "heavy" and "monor" messages? (Obviously, I don't think the MAYs are 2119 MAYs because they are so imprecise, but that's another story)

I should also mention that "heavy" appears 10 times in the specification, and I don't think it's ever defined. Is this a term famliar with those schooled in the art?

In this text: 

3.2.  HAVE

   In particular, whenever a receiving peer P has successfully checked
   the integrity of a chunk, or interval of chunks, it SHOULD send a
                                                       ^^^^^^

   HAVE message to all peers Q1..Qn it wants to interact with in the
   near future.  A policy in peer P determines when the HAVE is sent.  P
   may sent it directly, or peer P may wait until either it has other
   data to sent to Qi, or until it has received and checked multiple
   chunks.  

This wasn't clear to me. I'm not understanding why a SHOULD is appropriate, but I suspect I shouldn't be askig a 2119 question, because this is tangled between "send a HAVE to the peers you want to interact with in the near future" and "if you don't want to interact with a specific peer in the near future, you can wait to send a HAVE". Is that even close?

In this text: 

3.4.  ACK

   ACK messages MUST be sent to acknowledge received chunks if PPSPP is
   run over an unreliable transport protocol.  ACK messages MAY be sent
   if a reliable transport protocol is used.  In the former case, a
   receiving peer that has successfully checked the integrity of a
   chunk, or interval of chunks C MUST send an ACK message containing a
   chunk specification for C. As LEDBAT is used, an ACK message MUST
   contain the one-way delay, computed from the peer's current system
   time received in the DATA message.  A peer MAY delay sending ACK
   messages as defined in the LEDBAT specification.

(I emphasize that this is a question, not even a comment) How hard did the working group fight to pick a single style of transport protocol for PPSPP, rather than support multiple styles that don't use the same state machine? If that decision got good discussion, fine, but I wanted to ask because support for both reliable and ureliable transport adds complexity, and I've seen working groups that tried to do transport-independent protocols only because they thought that's what the ADs expected.

In this text:

5.3.  The Atomic Datagram Principle

   As explained above, a datagram consists of a sequence of messages.
   Ideally, every datagram sent must be independent of other datagrams,
   so each datagram SHOULD be processed separately and a loss of one
   datagram must not disrupt the flow of datagrams between two peers.
   Thus, as a datagram carries zero or more messages, neither messages
   nor message interdependencies SHOULD span over multiple datagrams.

   This principle implies that as any chunk is verified using its uncle
   hashes the necessary hashes SHOULD be put into the same datagram as
   the chunk's data.  If this is not possible because of a limitation on
   datagram size, the necessary hashes MUST be sent first in one or more
   datagrams.  As a general rule, if some additional data is still
   missing to process a message within a datagram, the message SHOULD be
   dropped.

With that many SHOULDs, I'd be worried that implementations using PPSPP can't count on much. If I receive a message that spans multiple datagrams (even though it shouldn't), that don't include the necessary hashes (even though it should), and I don't drop a message with missing data (even though I should), is that all fine?

In this text:

5.4.  INTEGRITY Messages

   Concretely, a peer that wants to send a chunk of content creates a
   datagram that MUST consist of a list of INTEGRITY messages followed
   by a DATA message.  If the INTEGRITY messages and DATA message cannot
   be put into a single datagram because of a limitation on datagram
   size, the INTEGRITY messages MUST be sent first in one or more
   datagrams.  

Is this assuming that the path between peers will never reorder packets?
Stephen Farrell Former IESG member
(was Discuss) No Objection
No Objection (2014-12-17) Unknown
Thanks for handling my various discuss points. I think
you sorted them all, though I have to say I'm not clear
whether or not point (6) was sorted or not, that's
below....

"(6) 8.4: I don't see the swarm's metadata record in the ascii
art diagram and you just say "look at section 7" so two
questions: a) where is the "chunk size used" option in section
7? and b) do all the swarm metadata options have to be sent
each time with no limit on ordering except as given in section
7 (which had one such order sensitive limit I think)?"

However, I'm fine to make this a comment, on the basis
that I don't remember whatever it was I meant by that:-)

I'm also not so sure the s/ppsp:/file:/ URI scheme swap
will really be a fine idea, but it certainly does get past
my objection:-)


--- OLD comments below here, I did not check these for -12, 
but am happy to chat about them if you want.

- Kathleen has the secdir review point covered.

- overall comment: This is too long.

- The elephant is in the room, but not the intro:-) Surely
some comparison with BT is needed in the intro? The first
reference is in 3.7 on p13, which just seems wrong.  If this
is somehow inspired by BT (can't recall) then maybe say so and
add a quick sketch (2-3 sentences) on how this differs from
BT. Those would really help the reader IMO.  Note that this
could be done by reference.

- 1.1: I really dislike the term self-certification as its
quite misleading. I guess its probably too late to get rid of
that but what (I think) is going on here is really naming
chunks so that if you know the hash of the entire content you
can verify that the chunk is from that.  (CHECK!!!)

- 1.3, 'content': s/asset/file/ would be better I think and
less capitalist;-) The term asset is odd here anyway.  Same
elsewhere. (But note this is really nitty, no need to change
unless you want to.)

- 3: I don't get what is meant by this "an external storage
mapping from the linear byte space of a single swarm to
different files" I can sorta see what's meant, but am not
sure. Maybe try clarify?

- 5.3, last para: Is the 1st MUST there really implementable
in general? I think the MUST might be to include those hashes
that the sender thinks the receiver needs.

- 6.1 - this defines two methods yet says "If the protocol
operates in a benign environment the method MAY be used."
Which is meant here?

- 6.1.2.1: what if different folks think NCHUNKS_PER_SIG has
different values? How do we all agree on a value? (BTW, the
last sentence of this section is a cool thing.)

- 7.4: "In other cases a peer MAY include a swarm identifier
option, as an end-to-end check." That's not clear to me, what
other cases?

- 7.6: I don't get why you need so many options here. Do you
really?  SHA1 is probably only needed for legacy stuff (is
there any of that?), and SHA256 should be fine for everything
else. 

- 7.8: The width of the figure seems wrong.

- 7.10: An example compressed encoding would be useful.

- 8.16: "perfectly detected" - huh? what does that mean?