Internet Engineering Task Force (IETF) S. Kiesel, Ed.
Request for Comments: 6708 University of Stuttgart
Category: Informational S. Previdi
ISSN: 2070-1721 Cisco Systems, Inc.
M. Stiemerling
NEC Europe Ltd.
R. Woundy
Comcast Corporation
Y. Yang
Yale University
September 2012
Internet Engineering Task Force (IETF) S. Kiesel, Ed.
Request for Comments: 6708 University of Stuttgart
Category: Informational S. Previdi
ISSN: 2070-1721 Cisco Systems, Inc.
M. Stiemerling
NEC Europe Ltd.
R. Woundy
Comcast Corporation
Y. Yang
Yale University
September 2012
Application-Layer Traffic Optimization (ALTO) Requirements
应用层流量优化(ALTO)要求
Abstract
摘要
Many Internet applications are used to access resources, such as pieces of information or server processes that are available in several equivalent replicas on different hosts. This includes, but is not limited to, peer-to-peer file sharing applications. The goal of Application-Layer Traffic Optimization (ALTO) is to provide guidance to applications that have to select one or several hosts from a set of candidates capable of providing a desired resource. This guidance shall be based on parameters that affect performance and efficiency of the data transmission between the hosts, e.g., the topological distance. The ultimate goal is to improve performance or Quality of Experience in the application while reducing the utilization of the underlying network infrastructure.
许多Internet应用程序用于访问资源,例如在不同主机上的多个等效副本中可用的信息片段或服务器进程。这包括但不限于对等文件共享应用程序。应用层流量优化(ALTO)的目标是为那些必须从一组能够提供所需资源的候选主机中选择一个或多个主机的应用程序提供指导。本指南应基于影响主机间数据传输性能和效率的参数,例如拓扑距离。最终目标是提高应用程序的性能或体验质量,同时降低底层网络基础设施的利用率。
This document enumerates requirements for specifying, assessing, or comparing protocols and implementations.
本文档列举了指定、评估或比较协议和实现的要求。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6708.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6708.
Copyright Notice
版权公告
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Architectural Framework . . . . . . . . . . . 3
2.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3
2.2. ALTO Terminology . . . . . . . . . . . . . . . . . . . . . 3
2.3. Architectural Framework for ALTO . . . . . . . . . . . . . 5
3. ALTO Requirements . . . . . . . . . . . . . . . . . . . . . . 5
3.1. ALTO Client Protocol . . . . . . . . . . . . . . . . . . . 5
3.1.1. General Requirements . . . . . . . . . . . . . . . . . 5
3.1.2. Host-Group Descriptor Support . . . . . . . . . . . . 6
3.1.3. Rating Criteria Support . . . . . . . . . . . . . . . 7
3.1.4. Placement of Entities and Timing of Transactions . . . 9
3.1.5. Protocol Extensibility . . . . . . . . . . . . . . . . 11
3.1.6. Error Handling and Overload Protection . . . . . . . . 11
3.2. ALTO Server Discovery . . . . . . . . . . . . . . . . . . 12
3.3. Security and Privacy . . . . . . . . . . . . . . . . . . . 13
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
5. Security Considerations . . . . . . . . . . . . . . . . . . . 14
5.1. High-Level Security Considerations . . . . . . . . . . . . 14
5.2. Information Disclosure Scenarios . . . . . . . . . . . . . 14
5.2.1. Classification of Information Disclosure Scenarios . . 14
5.2.2. Discussion of Information Disclosure Scenarios . . . . 16
5.3. ALTO Server Discovery . . . . . . . . . . . . . . . . . . 18
5.4. Security Requirements . . . . . . . . . . . . . . . . . . 18
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
6.1. Normative References . . . . . . . . . . . . . . . . . . . 18
6.2. Informative References . . . . . . . . . . . . . . . . . . 18
Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 19
Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . . 19
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Architectural Framework . . . . . . . . . . . 3
2.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3
2.2. ALTO Terminology . . . . . . . . . . . . . . . . . . . . . 3
2.3. Architectural Framework for ALTO . . . . . . . . . . . . . 5
3. ALTO Requirements . . . . . . . . . . . . . . . . . . . . . . 5
3.1. ALTO Client Protocol . . . . . . . . . . . . . . . . . . . 5
3.1.1. General Requirements . . . . . . . . . . . . . . . . . 5
3.1.2. Host-Group Descriptor Support . . . . . . . . . . . . 6
3.1.3. Rating Criteria Support . . . . . . . . . . . . . . . 7
3.1.4. Placement of Entities and Timing of Transactions . . . 9
3.1.5. Protocol Extensibility . . . . . . . . . . . . . . . . 11
3.1.6. Error Handling and Overload Protection . . . . . . . . 11
3.2. ALTO Server Discovery . . . . . . . . . . . . . . . . . . 12
3.3. Security and Privacy . . . . . . . . . . . . . . . . . . . 13
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
5. Security Considerations . . . . . . . . . . . . . . . . . . . 14
5.1. High-Level Security Considerations . . . . . . . . . . . . 14
5.2. Information Disclosure Scenarios . . . . . . . . . . . . . 14
5.2.1. Classification of Information Disclosure Scenarios . . 14
5.2.2. Discussion of Information Disclosure Scenarios . . . . 16
5.3. ALTO Server Discovery . . . . . . . . . . . . . . . . . . 18
5.4. Security Requirements . . . . . . . . . . . . . . . . . . 18
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
6.1. Normative References . . . . . . . . . . . . . . . . . . . 18
6.2. Informative References . . . . . . . . . . . . . . . . . . 18
Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 19
Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . . 19
The motivation for Application-Layer Traffic Optimization (ALTO) is described in the ALTO problem statement [RFC5693].
应用层流量优化(ALTO)的动机在ALTO问题陈述[RFC5693]中描述。
The goal of ALTO is to provide information that can help peer-to-peer (P2P) applications make better decisions with respect to peer selection. However, ALTO may be useful for non-P2P applications as well. For example, clients of client-server applications may use information provided by ALTO to select one of several servers or information replicas. As another example, ALTO information could be used to select a media relay needed for NAT traversal. The goal of these informed decisions is to improve performance or Quality of Experience in the application while reducing the utilization of the underlying network infrastructure.
ALTO的目标是提供信息,帮助对等(P2P)应用程序在对等选择方面做出更好的决策。然而,ALTO也可能对非P2P应用程序有用。例如,客户机-服务器应用程序的客户机可以使用ALTO提供的信息从多个服务器或信息副本中选择一个。作为另一个例子,ALTO信息可用于选择NAT穿越所需的媒体中继。这些明智决策的目标是提高应用程序的性能或体验质量,同时降低底层网络基础设施的利用率。
Usually, it would be difficult or even impossible for application entities to acquire this information by other mechanisms, e.g., using measurements between the peers of a P2P overlay, because of complexity or because it is based on network topology information, network operational costs, or network policies, which the respective network provider does not want to disclose in detail.
通常,由于复杂性或基于网络拓扑信息、网络运营成本或网络策略,应用实体很难或甚至不可能通过其他机制(例如,使用P2P覆盖的对等方之间的测量)获取该信息,各网络提供商不想详细披露的信息。
The functional entities that provide the ALTO service do not take part in the actual user-data transport, i.e., they do not implement functions for relaying user data. These functional entities may be placed on various kinds of physical nodes, e.g., on dedicated servers, as auxiliary processes in routers, on "trackers" or "super peers" of a P2P application, etc.
提供ALTO服务的功能实体不参与实际的用户数据传输,即,它们不实现中继用户数据的功能。这些功能实体可以放置在各种物理节点上,例如,在专用服务器上,作为路由器中的辅助进程,在P2P应用程序的“跟踪器”或“超级对等点”上,等等。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
This document uses the following ALTO-related terms, which are defined in [RFC5693]:
本文件使用了[RFC5693]中定义的以下ALTO相关术语:
Application, Peer, P2P, Resource, Resource Identifier, Resource Provider, Resource Consumer, Transport Address, Overlay Network, Resource Directory, ALTO Service, ALTO Server, ALTO Client, ALTO
应用程序、对等、P2P、资源、资源标识符、资源提供者、资源使用者、传输地址、覆盖网络、资源目录、ALTO服务、ALTO服务器、ALTO客户端、ALTO
Query, ALTO Response, ALTO Transaction, Local Traffic, Peering Traffic, Transit Traffic, Application Protocol, ALTO Client Protocol, and Provisioning Protocol.
查询、ALTO响应、ALTO事务、本地流量、对等流量、传输流量、应用程序协议、ALTO客户端协议和供应协议。
Furthermore, the following additional terms will be used:
此外,将使用以下附加条款:
o Host-Group Descriptor: Information used to describe one or more Internet hosts (such as the resource consumer that seeks ALTO guidance, or one or more candidate resource providers) and their location within the network topology. There can be several different types of host-group descriptors, for example, a single IP address, an address prefix or address range that contains the host(s), or an Autonomous System (AS) number. Different host-group descriptor types may provide different levels of detail. Depending on the system architecture, this may have implications on the quality of the guidance ALTO is able to provide, on whether recommendations can be aggregated, and on how much privacy-sensitive information about users might be disclosed to additional parties.
o 主机组描述符:用于描述一个或多个Internet主机(如寻求ALTO指导的资源使用者,或一个或多个候选资源提供者)及其在网络拓扑中的位置的信息。可以有几种不同类型的主机组描述符,例如,单个IP地址、包含主机的地址前缀或地址范围,或自治系统(AS)编号。不同的主机组描述符类型可能提供不同级别的详细信息。根据系统架构的不同,这可能会影响ALTO能够提供的指导的质量、是否可以汇总建议以及可能向其他方披露多少关于用户的隐私敏感信息。
o Rating Criterion: The condition or relation that defines the "better" in "better-than-random peer selection", which is the ultimate goal of ALTO. Examples may include "host's Internet access is not subject to volume-based charging (flat rate)" or "low topological distance". Some rating criteria, such as "low topological distance", need to include a reference point, e.g., "low topological distance from a given resource consumer". This reference point can be described by means of a host-group descriptor.
o 评级标准:在“优于随机同行选择”中定义“优于”的条件或关系,这是ALTO的最终目标。示例可能包括“主机的互联网接入不受基于容量的收费(统一费率)”或“低拓扑距离”的限制。一些评级标准,如“低拓扑距离”,需要包括一个参考点,例如“与给定资源使用者的低拓扑距离”。该参考点可以通过主机组描述符来描述。
o Host-Characteristics Attribute: Properties of a host, other than the host-group descriptor. It may be evaluated according to one or more rating criteria. This information may be stored in an ALTO server and transmitted via an ALTO protocol. One example for a host-characteristics attribute would be a data field indicating whether a host's Internet access is subject to volume-based charging or not (flat rate).
o 主机特性属性:主机的属性,而不是主机组描述符。可根据一个或多个评级标准进行评估。该信息可以存储在ALTO服务器中,并通过ALTO协议传输。主机特性属性的一个示例是一个数据字段,该字段指示主机的Internet访问是否需要基于卷的收费(统一费率)。
o Target-Aware Query Mode: In this mode of operation, an ALTO client performs the ALTO query when the desired resource and a set of candidate resource providers are already known, i.e., after Distributed Hash Table (DHT) lookups, queries to the resource directory, etc. To this end, the ALTO client transmits a list of host-group descriptors and optionally one or more rating criteria to the ALTO server. The ALTO server evaluates the host-group descriptors according to the indicated criteria or a default
o 目标感知查询模式:在此操作模式下,ALTO客户端在已知所需资源和一组候选资源提供程序时执行ALTO查询,即在分布式哈希表(DHT)查找、查询资源目录等之后,ALTO客户端将主机组描述符列表和可选的一个或多个评级标准传输到ALTO服务器。ALTO服务器根据指示的标准或默认值评估主机组描述符
criterion. It returns a list of these host-group descriptors to the ALTO client, which is sorted according to the rating criteria and/or enriched with host-characteristics attributes.
标准它将这些主机组描述符的列表返回给ALTO客户端,该列表根据评级标准进行排序和/或使用主机特性属性进行丰富。
o Target-Independent Query Mode: In this mode of operation, ALTO queries are performed in advance or periodically, in order to receive comprehensive guidance. The ALTO client indicates the desired host-characteristics attributes in the ALTO query. The ALTO server answers with a list that indicates for all known host-group descriptors (possibly subject to the server's policies) the desired host-characteristics attributes. These lists will be cached locally and evaluated later, when a resource is to be accessed.
o 目标独立查询模式:在该操作模式下,ALTO查询提前或定期执行,以获得全面指导。ALTO客户端在ALTO查询中指示所需的主机特征属性。ALTO服务器用一个列表进行回答,该列表指示所有已知主机组描述符(可能受服务器策略的约束)所需的主机特性属性。这些列表将在本地缓存,并在稍后访问资源时进行计算。
There are various architectural options for ALTO implementation. Specifying or mandating one specific architecture is out of the scope of this document.
ALTO实现有多种体系结构选项。指定或强制执行一个特定体系结构不在本文档范围内。
In addition to the terminology (see Section 2 of [RFC5693] and Section 2.2 of this document), [RFC5693] presents a figure that gives a high-level overview of protocol interaction between these components.
除了术语(参见[RFC5693]第2节和本文件第2.2节),[RFC5693]还提供了一个图,从较高的层次概述了这些组件之间的协议交互。
This document itemizes requirements for the following components: ALTO client protocols, ALTO server discovery mechanisms, host-group descriptors, rating criteria, and host-characteristics attributes. Furthermore, requirements regarding the overall architecture, especially with respect to security and privacy issues, are presented.
本文档详细列出了以下组件的要求:ALTO客户端协议、ALTO服务器发现机制、主机组描述符、分级标准和主机特性属性。此外,还提出了关于总体架构的要求,特别是关于安全和隐私问题的要求。
Note that the detailed specification of such protocols and mechanisms is out of the scope of this document. In fact, this document does not even assume that there will be only one single specification for each of these components, respectively. However, this document enumerates requirements for ALTO to be considered when specifying, assessing, or comparing protocols and implementations.
请注意,此类协议和机制的详细规范不在本文件的范围内。事实上,本文档甚至没有假设每个组件都只有一个单独的规范。然而,本文件列举了在指定、评估或比较协议和实现时需要考虑的ALTO要求。
Req. AR-1: The ALTO service is provided by one or more ALTO servers. It may be queried by ALTO clients seeking guidance for selecting appropriate resource providers. ALTO clients and ALTO servers MUST
请求。AR-1:ALTO服务由一个或多个ALTO服务器提供。ALTO客户可能会对其进行查询,以寻求选择适当资源提供商的指导。ALTO客户端和ALTO服务器必须
implement an ALTO client protocol. An ALTO client protocol MUST be able to transmit ALTO queries from an ALTO client to an ALTO server, and it MUST be able to transmit the corresponding ALTO replies from the ALTO server to the ALTO client.
实现ALTO客户端协议。ALTO客户端协议必须能够将ALTO查询从ALTO客户端传输到ALTO服务器,并且必须能够将相应的ALTO回复从ALTO服务器传输到ALTO客户端。
The detailed specification of an ALTO client protocol is out of the scope of this document. In fact, this document does not even assume that there will be only one single protocol specification. However, this document enumerates requirements for ALTO, to be considered when specifying, assessing, or comparing protocols and implementations.
ALTO客户端协议的详细规范不在本文档范围内。事实上,本文档甚至没有假设只有一个协议规范。然而,本文件列举了在指定、评估或比较协议和实现时需要考虑的ALTO要求。
Req. AR-2: An ALTO client protocol MUST provide adequate mechanisms for operations and management support, as outlined in RFC 5706 [RFC5706].
请求。AR-2:ALTO客户端协议必须提供足够的运行和管理支持机制,如RFC 5706[RFC5706]所述。
The ALTO guidance is based on the evaluation of several resource providers or groups of resource providers, considering one or more rating criteria. The resource providers or groups of resource providers are characterized by means of host-group descriptors.
ALTO指南基于对多个资源提供商或资源提供商组的评估,并考虑一个或多个评级标准。资源提供者或资源提供者组通过主机组描述符来表征。
Req. AR-3: An ALTO client protocol MUST support the usage of multiple host-group descriptor types.
请求。AR-3:ALTO客户端协议必须支持使用多种主机组描述符类型。
Req. AR-4: ALTO clients and ALTO servers MUST clearly identify the type of each host-group descriptor sent in ALTO queries or responses. An ALTO protocol specification MUST provide appropriate protocol elements.
请求。AR-4:ALTO客户端和ALTO服务器必须明确标识在ALTO查询或响应中发送的每个主机组描述符的类型。ALTO协议规范必须提供适当的协议元素。
Req. AR-5: An ALTO client protocol MUST support the host group descriptor types "IPv4 address prefix" and "IPv6 address prefix". They can be used to specify the IP address of one host, or an IP address range (in Classless Inter-Domain Routing (CIDR) notation) containing all hosts in question.
请求。AR-5:ALTO客户端协议必须支持主机组描述符类型“IPv4地址前缀”和“IPv6地址前缀”。它们可用于指定一台主机的IP地址,或指定包含所有相关主机的IP地址范围(采用无类域间路由(CIDR)表示法)。
Req. AR-6: An ALTO client protocol MUST be extensible to enable future support of other host-group descriptor types. An ALTO client protocol specification MUST define an appropriate procedure for adding new host-group descriptor types, e.g., by establishing an IANA registry.
请求。AR-6:ALTO客户端协议必须是可扩展的,以便将来支持其他主机组描述符类型。ALTO客户端协议规范必须定义添加新主机组描述符类型的适当程序,例如,通过建立IANA注册表。
Req. AR-7: For host-group descriptor types other than "IPv4 address prefix" and "IPv6 address prefix", the host-group descriptor type identification MUST be supplemented by a reference to a facility that can be used to translate host-group descriptors of this type to IPv4/ IPv6 address prefixes, e.g., by means of a mapping table or an algorithm.
请求。AR-7:对于除“IPv4地址前缀”和“IPv6地址前缀”之外的主机组描述符类型,主机组描述符类型标识必须由对可用于将此类型的主机组描述符转换为IPv4/IPv6地址前缀的设施的引用来补充,例如,通过映射表或算法。
Req. AR-8: Protocol functions for mapping other host-group descriptor types to IPv4/IPv6 address prefixes SHOULD be designed and specified as part of an ALTO client protocol, and the corresponding address mapping information SHOULD be made available by the same entity that wants to use these host-group descriptors within an ALTO client protocol. However, an ALTO server or an ALTO client MAY also send a reference to an external mapping facility, e.g., a translation table to be obtained via an alternative mechanism.
请求。AR-8:用于将其他主机组描述符类型映射到IPv4/IPv6地址前缀的协议功能应作为ALTO客户端协议的一部分进行设计和指定,并且希望在ALTO客户端协议中使用这些主机组描述符的同一实体应提供相应的地址映射信息。然而,ALTO服务器或ALTO客户端也可以向外部映射设施发送引用,例如,通过替代机制获得的翻译表。
Rationale for the previous two requirements: The preferred type of host-group descriptors are IPv4 and IPv6 prefixes. However, in some situations, one party may prefer to use another type, e.g., AS numbers. Usually, applications seeking ALTO guidance work with IP addresses, e.g., when establishing connections. Understanding guiding information that is based on other host-group descriptor types, i.e., mapping from these other types to IP prefixes and back, may be a non-trivial task. Therefore, before a party may use other host-group descriptor types, they must provide a mapping mechanism to IP prefixes.
前两项要求的基本原理:首选的主机组描述符类型是IPv4和IPv6前缀。然而,在某些情况下,一方可能倾向于使用另一种类型,例如,作为数字。通常,寻求ALTO指导的应用程序使用IP地址,例如,在建立连接时。理解基于其他主机组描述符类型的指导信息,即从这些其他类型到IP前缀的映射,可能是一项非常重要的任务。因此,在一方可以使用其他主机组描述符类型之前,它们必须提供到IP前缀的映射机制。
Req. AR-9: An ALTO client protocol specification MUST define mechanisms that can be used by the ALTO server to indicate that a host-group descriptor used by the ALTO client is of an unsupported type, or that the indicated mapping mechanism could not be used.
请求。AR-9:ALTO客户端协议规范必须定义ALTO服务器可以使用的机制,以指示ALTO客户端使用的主机组描述符的类型不受支持,或者指示的映射机制无法使用。
Req. AR-10: An ALTO client protocol specification MUST define mechanisms that can be used by the ALTO client to indicate that a host-group descriptor used by the ALTO server is of an unsupported type, or that the indicated mapping mechanism could not be used.
请求。AR-10:ALTO客户端协议规范必须定义ALTO客户端可以使用的机制,以指示ALTO服务器使用的主机组描述符的类型不受支持,或者指示的映射机制无法使用。
Req. AR-11: An ALTO client protocol specification MUST define a rating criterion that can be used to express and evaluate the "relative operator's preference". This is a relative measure, i.e., it is not associated with any unit of measurement. A preferred rating, according to this criterion, indicates that the application should prefer the respective candidate resource provider over others with less preferred ratings (unless information from non-ALTO sources suggests a different choice, such as transmission attempts suggesting that the path is currently congested). The operator of the ALTO server does not have to disclose how and based on which data the ratings are actually computed. Examples could be: cost for peering or transit traffic, traffic engineering inside the network, and other policies.
请求。AR-11:ALTO客户端协议规范必须定义一个评级标准,用于表示和评估“相对操作员的偏好”。这是一个相对度量,即它与任何度量单位都不相关。根据该标准,优选分级表示应用程序应优先选择相应的候选资源提供者,而不是其他具有较低优选分级的候选资源提供者(除非来自非ALTO源的信息表明不同的选择,例如传输尝试表明路径当前拥挤)。ALTO服务器的运营商不必披露实际计算评级的方式和依据。例如:对等或传输流量的成本、网络内部的流量工程以及其他策略。
Req. AR-12: An ALTO client protocol MUST be extensible to enable future support of other rating criteria types. An ALTO client protocol specification MUST define an appropriate procedure for adding new rating criteria types, e.g., by establishing an IANA registry.
请求。AR-12:ALTO客户端协议必须是可扩展的,以便将来支持其他评级标准类型。ALTO客户端协议规范必须定义添加新评级标准类型的适当程序,例如,通过建立IANA注册表。
Req. AR-13: ALTO client protocol specifications MUST NOT define rating criteria closely related to the instantaneous network congestion state, i.e., rating criteria that have the primary aim to serve as an alternative to established congestion control strategies, such as using TCP-based transport.
请求。AR-13:ALTO客户端协议规范不得定义与瞬时网络拥塞状态密切相关的分级标准,即主要目的是作为已建立的拥塞控制策略(如使用基于TCP的传输)的替代方案的分级标准。
Req. AR-14: Applications using ALTO guidance MUST NOT rely solely on the ALTO guidance to avoid causing network congestion. Instead, they MUST use other appropriate means, such as TCP-based transport, to avoid causing excessive congestion.
请求。AR-14:使用ALTO引导的应用程序不得完全依赖ALTO引导,以避免造成网络拥塞。相反,他们必须使用其他适当的手段,如基于TCP的传输,以避免造成过度拥塞。
Rationale for the previous requirement: One design assumption for ALTO is that it is acceptable for the host-characteristics attributes, which are stored and processed in the ALTO servers for giving guidance, to be updated rather infrequently. Typical update intervals may be several orders of magnitude longer than the typical network-layer packet round-trip time (RTT). Therefore, ALTO cannot be a replacement for TCP-like congestion control mechanisms.
上述要求的基本原理:ALTO的一个设计假设是,主机特性属性(存储和处理在ALTO服务器中以提供指导)可以不经常更新。典型的更新间隔可能比典型的网络层数据包往返时间(RTT)长几个数量级。因此,ALTO不能替代类似TCP的拥塞控制机制。
Req. AR-15: In the target-independent query mode, the ALTO query message SHOULD allow the ALTO client to express which host-characteristics attributes should be returned.
请求。AR-15:在目标独立查询模式下,ALTO查询消息应允许ALTO客户端表示应返回哪些主机特性。
Req. AR-16: In the target-aware query mode, the ALTO query message SHOULD allow the ALTO client to express which rating criteria should be considered by the server, as well as their relative relevance for the specific application that will eventually make use of the guidance. The corresponding ALTO response message SHOULD allow the ALTO server to express which rating criteria have been considered when generating the response.
请求。AR-16:在目标感知查询模式下,ALTO查询消息应允许ALTO客户端表示服务器应考虑哪些评级标准,以及它们与最终将使用指南的特定应用程序的相对相关性。相应的ALTO响应消息应允许ALTO服务器表示在生成响应时考虑了哪些评级标准。
Req. AR-17: An ALTO client protocol specification MUST define mechanisms that can be used by the ALTO client and the ALTO server to indicate that a rating criteria used by the other party is of an unsupported type.
请求。AR-17:ALTO客户端协议规范必须定义ALTO客户端和ALTO服务器可以使用的机制,以表明另一方使用的评级标准属于不受支持的类型。
With respect to the placement of ALTO clients, several modes of operation exist:
关于ALTO客户的安置,存在几种操作模式:
o One mode of ALTO operation is that an ALTO client may be embedded directly in the resource consumer, i.e., the application protocol entity that will eventually initiate data transmission to/from the selected resource provider(s) in order to access the desired resource. For example, an ALTO client could be integrated into the peer of a P2P application that uses a distributed algorithm such as "query flooding" for resource discovery.
o ALTO操作的一种模式是,ALTO客户端可以直接嵌入到资源消费者(即,最终将发起到所选资源提供者/从所选资源提供者进行数据传输以访问所需资源的应用协议实体)中。例如,ALTO客户端可以集成到P2P应用程序的对等端,该应用程序使用分布式算法(如“查询泛洪”)进行资源发现。
o Another mode of operation is to integrate the ALTO client into a third party, such as a resource directory. This third party may issue ALTO queries to solicit preference on potential resource providers, considering the respective resource consumer. For example, an ALTO client could be integrated into the tracker of a tracker-based P2P application, in order to request ALTO guidance on behalf of the peers contacting the tracker.
o 另一种操作模式是将ALTO客户端集成到第三方,例如资源目录。考虑到各自的资源消费者,该第三方可以发出ALTO查询以征求潜在资源提供商的偏好。例如,ALTO客户端可以集成到基于跟踪器的P2P应用程序的跟踪器中,以便代表联系跟踪器的对等方请求ALTO指导。
Req. AR-18: An ALTO client protocol MUST support the mode of operation in which the ALTO client is directly embedded in the resource consumer.
请求。AR-18:ALTO客户端协议必须支持ALTO客户端直接嵌入到资源使用者中的操作模式。
Req. AR-19: An ALTO client protocol MUST support the mode of operation in which the ALTO client is embedded in a third party. This third party performs queries on behalf of resource consumers.
请求。AR-19:ALTO客户端协议必须支持ALTO客户端嵌入第三方的操作模式。此第三方代表资源使用者执行查询。
Req. AR-20: An ALTO client protocol MUST be designed in a way that the ALTO service can be provided by an entity that is not the operator of the underlying IP network.
请求。AR-20:ALTO客户端协议的设计必须确保ALTO服务可以由不是底层IP网络运营商的实体提供。
Req. AR-21: An ALTO client protocol MUST be designed in a way that different instances of the ALTO service operated by different providers can coexist.
请求。AR-21:ALTO客户端协议的设计必须确保由不同提供商操作的ALTO服务的不同实例可以共存。
Req. AR-22: An ALTO client protocol specification MUST specify at least one query mode, either the target-aware or the target-independent query mode.
请求。AR-22:ALTO客户端协议规范必须至少指定一种查询模式,即目标感知查询模式或目标独立查询模式。
Note that this requirements document does not assume that there will be only one single protocol specification.
请注意,本需求文件并不假设只有一个协议规范。
Req. AR-23: An ALTO client protocol specification SHOULD specify both the target-aware and the target-independent query mode. If an ALTO client protocol specification specifies more than one query mode, it MUST define at least one of these modes as REQUIRED to implement by
请求。AR-23:ALTO客户端协议规范应同时指定目标感知和目标独立查询模式。如果ALTO客户端协议规范指定了多个查询模式,则它必须根据需要定义这些模式中的至少一个,以便由
ALTO clients and ALTO servers. Furthermore, it MUST specify an appropriate protocol mechanism for negotiating between the ALTO client and ALTO server, which query mode to use.
ALTO客户端和ALTO服务器。此外,它必须为ALTO客户端和ALTO服务器之间的协商指定适当的协议机制,以使用哪种查询模式。
Req. AR-24: An ALTO client protocol SHOULD support version numbering, TTL (time-to-live) attributes, and/or similar mechanisms in ALTO transactions, in order to enable time validity checking for caching, and to enable comparisons of multiple recommendations obtained through redistribution.
请求。AR-24:ALTO客户端协议应支持ALTO事务中的版本编号、TTL(生存时间)属性和/或类似机制,以便对缓存进行时间有效性检查,并对通过重新分发获得的多个建议进行比较。
Req. AR-25: An ALTO client protocol SHOULD allow the ALTO server to add information about appropriate modes of reuse to its ALTO responses. Reuse may include redistributing an ALTO response to other parties, as well as using the same ALTO information in a resource directory to improve the responses to different resource consumers within the specified lifetime of the ALTO response. The ALTO server SHOULD be able to express that
请求。AR-25:ALTO客户端协议应允许ALTO服务器向其ALTO响应中添加有关适当重用模式的信息。重用可以包括将ALTO响应重新分发给其他方,以及在资源目录中使用相同的ALTO信息来改进在ALTO响应的指定生存期内对不同资源使用者的响应。ALTO服务器应该能够表达这一点
o no reuse should occur.
o 不应重复使用。
o reuse is appropriate for a specific "target audience", i.e., a set of resource consumers explicitly defined by a list of host-group descriptors. The ALTO server MAY specify a "target audience" in the ALTO response that is only a subset of the known actual "target audience", e.g., if required by operator policies.
o 重用适用于特定的“目标受众”,即由主机组描述符列表显式定义的一组资源使用者。例如,如果运营商策略要求,ALTO服务器可以在ALTO响应中指定仅为已知实际“目标受众”子集的“目标受众”。
o reuse is appropriate for any resource consumer that would send (or cause a third party to send on behalf of it) the same ALTO query (i.e., with the same query parameters, except for the resource consumer ID, if applicable) to this ALTO server.
o 重用适用于任何将向该ALTO服务器发送(或导致第三方代表其发送)相同ALTO查询(即,使用相同的查询参数,资源使用者ID除外,如果适用)的资源使用者。
o reuse is appropriate for any resource consumer that would send (or cause a third party to send on behalf of it) the same ALTO query (i.e., with the same query parameters, except for the resource consumer ID, if applicable) to any other ALTO server that was discovered (using an ALTO discovery mechanism) together with this ALTO server.
o 重用适用于任何将发送(或导致第三方代表其发送)相同ALTO查询(即,使用相同的查询参数,资源使用者ID除外,如果适用)到与此ALTO服务器一起发现的任何其他ALTO服务器(使用ALTO发现机制)的资源使用者。
o reuse is appropriate for any resource consumer that would send (or cause a third party to send on behalf of it) the same ALTO query (i.e., with the same query parameters, except for the resource consumer ID, if applicable) to any ALTO server in the whole network.
o 对于将向整个网络中的任何ALTO服务器发送(或导致第三方代表其发送)相同ALTO查询(即,使用相同的查询参数,资源使用者ID除外,如果适用)的任何资源使用者,重用都是合适的。
Req. AR-26: An ALTO client protocol MUST support the transport of ALTO transactions, even if the ALTO client is located in the private address realm behind a network address translator (NAT). There are different types of NAT, see [RFC4787] and [RFC5382].
请求。AR-26:ALTO客户端协议必须支持ALTO事务的传输,即使ALTO客户端位于网络地址转换器(NAT)后面的专用地址域中。NAT有不同的类型,请参见[RFC4787]和[RFC5382]。
Req. AR-27: An ALTO client protocol MUST include support for adding protocol extensions in a non-disruptive, backward-compatible way.
请求。AR-27:ALTO客户端协议必须支持以无中断、向后兼容的方式添加协议扩展。
Req. AR-28: An ALTO client protocol MUST include protocol versioning support, in order to clearly distinguish between incompatible versions of the protocol.
请求。AR-28:ALTO客户端协议必须包括协议版本控制支持,以便明确区分协议的不兼容版本。
Req. AR-29: An ALTO client protocol MUST use congestion-aware transport, e.g., by using TCP.
请求。AR-29:ALTO客户端协议必须使用拥塞感知传输,例如通过使用TCP。
Req. AR-30: An ALTO client protocol specification MUST specify mechanisms for an ALTO server to inform clients about an impending or occurring overload situation, or how to leverage appropriate mechanisms provided by underlying protocol layers. The mechanisms MUST provide all of the following options to the server:
请求。AR-30:ALTO客户端协议规范必须指定ALTO服务器通知客户端即将发生或正在发生的过载情况的机制,或者如何利用底层协议层提供的适当机制。这些机制必须向服务器提供以下所有选项:
o terminate the conversation with the client,
o 终止与客户的对话,
o redirect the client to another ALTO server, and
o 将客户端重定向到另一个ALTO服务器,然后
o request that the client throttle its query rate.
o 请求客户端限制其查询速率。
In particular, a simple form of throttling is to let an ALTO server answer a query with an error message advising the client to retry the query later (e.g., using a protocol function such as HTTP's Retry-After header ([RFC2616], Section 14.37)). Another simple option is to actually answer the query with the desired information, but adding an indication that the ALTO client should not send further queries to this ALTO server before an indicated period of time has elapsed.
特别是,一种简单的节流形式是让ALTO服务器回答查询,并显示一条错误消息,建议客户端稍后重试查询(例如,使用协议功能,如HTTP的retry After header([RFC2616],第14.37节))。另一个简单的选择是使用所需的信息实际回答查询,但添加一个指示,指示ALTO客户端在指定的时间段过去之前不应向该ALTO服务器发送进一步的查询。
Req. AR-31: An ALTO client protocol specification MUST specify mechanisms for an ALTO server to inform clients about its inability to answer queries due to technical problems or system maintenance, or how to leverage appropriate mechanisms provided by underlying protocol layers. The mechanisms MUST provide all of the following options to the server:
请求。AR-31:ALTO客户端协议规范必须为ALTO服务器指定机制,以告知客户端由于技术问题或系统维护而无法回答查询,或者如何利用底层协议层提供的适当机制。这些机制必须向服务器提供以下所有选项:
o terminate the conversation with the client,
o 终止与客户的对话,
o redirect the client to another ALTO server, and
o 将客户端重定向到另一个ALTO服务器,然后
o request that the client retry the query later.
o 请求客户端稍后重试查询。
Note: The existence of the above-mentioned protocol mechanisms does not imply that an ALTO server must use them when facing an overload, technical problem, or maintenance situation, respectively. Some servers may be unable to use them in that situation, or they may prefer to simply refuse the connection or not to send any answer at all.
注意:上述协议机制的存在并不意味着ALTO服务器在分别面临过载、技术问题或维护情况时必须使用它们。一些服务器可能无法在这种情况下使用它们,或者他们可能更愿意简单地拒绝连接或根本不发送任何应答。
An ALTO client protocol is supported by one or more ALTO server discovery mechanisms, which may be used by ALTO clients to determine one or more ALTO servers, to which ALTO requests can be sent. This section enumerates requirements for an ALTO client, as well as general requirements to be fulfilled by the ALTO server discovery mechanisms.
ALTO客户端协议由一个或多个ALTO服务器发现机制支持,ALTO客户端可以使用这些机制来确定一个或多个ALTO服务器,ALTO请求可以发送到这些服务器。本节列举了ALTO客户端的要求,以及ALTO服务器发现机制需要满足的一般要求。
Req. AR-32: An ALTO server discovery mechanism MUST support features allowing ALTO clients that are embedded in the resource consumer to find one or several ALTO servers that can provide ALTO guidance suitable for the resource consumer, using an ALTO protocol version compatible with the ALTO client. This mode of operation is called "resource consumer initiated ALTO server discovery".
请求。AR-32:ALTO服务器发现机制必须支持允许嵌入资源使用者中的ALTO客户端使用与ALTO客户端兼容的ALTO协议版本查找一个或多个能够提供适合资源使用者的ALTO指南的ALTO服务器的功能。这种操作模式称为“资源使用者启动的ALTO服务器发现”。
Req. AR-33: An ALTO server discovery mechanism MUST support features allowing ALTO clients that are embedded in a resource directory and perform third-party ALTO queries on behalf of a remote resource consumer to find one or several ALTO servers that can provide ALTO guidance suitable for the respective resource consumer, using an ALTO protocol version compatible with the ALTO client. This mode of operation is called "third-party ALTO server discovery".
请求。AR-33:ALTO服务器发现机制必须支持以下功能:允许嵌入在资源目录中并代表远程资源使用者执行第三方ALTO查询的ALTO客户端查找一个或多个能够提供适合各自资源使用者的ALTO指南的ALTO服务器,使用与ALTO客户端兼容的ALTO协议版本。这种操作模式称为“第三方ALTO服务器发现”。
Req. AR-34: ALTO clients MUST be able to perform resource consumer initiated ALTO server discovery, even if they are located behind a NAT.
请求。AR-34:ALTO客户端必须能够执行资源使用者启动的ALTO服务器发现,即使它们位于NAT后面。
Req. AR-35: ALTO clients MUST be able to perform third-party ALTO server discovery, even if they are located behind a NAT.
请求。AR-35:ALTO客户端必须能够执行第三方ALTO服务器发现,即使它们位于NAT后面。
Req. AR-36: ALTO clients MUST be able to perform third-party ALTO server discovery, even if the resource consumer, on behalf of which the ALTO query will be sent, is located behind a NAT.
请求。AR-36:ALTO客户端必须能够执行第三方ALTO服务器发现,即使代表其发送ALTO查询的资源使用者位于NAT后面。
Req. AR-37: ALTO server discovery mechanisms SHOULD leverage an existing protocol or mechanism, such as DNS-, DHCP-, or PPP-based automatic configuration, etc. A single mechanism with a broad spectrum of applicability SHOULD be preferred over several different mechanisms with narrower scopes.
请求。AR-37:ALTO服务器发现机制应利用现有的协议或机制,如DNS、DHCP或基于PPP的自动配置等。与范围较窄的几种不同机制相比,应首选具有广泛适用性的单一机制。
Req. AR-38: Every ALTO server discovery mechanism SHOULD be able to return the respective contact information for multiple ALTO servers.
请求。AR-38:每个ALTO服务器发现机制都应该能够返回多个ALTO服务器的相应联系信息。
Req. AR-39: Every ALTO server discovery mechanism SHOULD be able to indicate preferences for each returned ALTO server contact information.
请求。AR-39:每个ALTO服务器发现机制都应该能够为每个返回的ALTO服务器联系信息指示首选项。
Note: The following requirements mandate the inclusion of certain security mechanisms at a protocol specification level. Whether it makes sense to enable these mechanisms in a given deployment scenario depends on a threat analysis for this specific scenario. For a classification of potential information disclosure risks, refer to Section 5.2.
注意:以下要求要求在协议规范级别包含某些安全机制。在给定部署场景中启用这些机制是否有意义取决于此特定场景的威胁分析。有关潜在信息披露风险的分类,请参阅第5.2节。
Req. AR-40: An ALTO client protocol specification MUST specify mechanisms for the authentication of ALTO servers or specify how to leverage appropriate mechanisms provided by underlying protocol layers.
请求。AR-40:ALTO客户端协议规范必须指定ALTO服务器的身份验证机制,或者指定如何利用底层协议层提供的适当机制。
Req. AR-41: An ALTO client protocol specification MUST specify mechanisms for the authentication of ALTO clients or specify how to leverage appropriate mechanisms provided by underlying protocol layers.
请求。AR-41:ALTO客户端协议规范必须指定ALTO客户端的身份验证机制,或者指定如何利用底层协议层提供的适当机制。
Req. AR-42: An ALTO client protocol specification MUST specify mechanisms for the encryption of messages or specify how to leverage appropriate mechanisms provided by underlying protocol layers.
请求。AR-42:ALTO客户端协议规范必须指定消息加密机制或指定如何利用底层协议层提供的适当机制。
Req. AR-43: An ALTO client is not required to implement mechanisms or to comply with rules that limit its ability to redistribute information retrieved from the ALTO server to third parties.
请求。AR-43:ALTO客户端不需要实现机制或遵守限制其将从ALTO服务器检索到的信息重新分发给第三方的能力的规则。
Req. AR-44: An ALTO client protocol MUST support different levels of detail in queries and responses in order to protect the privacy of users, to ensure that the operators of ALTO servers and other users of the same application cannot derive sensitive information.
请求。AR-44:ALTO客户端协议必须支持查询和响应中不同级别的细节,以保护用户隐私,确保ALTO服务器的操作员和同一应用程序的其他用户无法获取敏感信息。
Req. AR-45: An ALTO client protocol MAY include mechanisms that can be used by the ALTO client when requesting guidance to specify the resource (e.g., content identifiers) it wants to access. An ALTO server MUST provide adequate guidance, even if the ALTO client prefers not to specify the desired resource (e.g., keeps the data field empty). The mechanism MUST be designed in a way that the operator of the ALTO server cannot easily deduce the resource identifier (e.g., file name in P2P file sharing) if the ALTO client prefers not to specify it.
请求。AR-45:ALTO客户端协议可以包括ALTO客户端在请求指导以指定其想要访问的资源(例如,内容标识符)时可以使用的机制。ALTO服务器必须提供足够的指导,即使ALTO客户端不希望指定所需的资源(例如,保持数据字段为空)。如果ALTO客户端不愿意指定资源标识符(例如,P2P文件共享中的文件名),则该机制的设计方式必须确保ALTO服务器的操作员无法轻松推断资源标识符。
Req. AR-46: An ALTO client protocol specification MUST specify appropriate mechanisms for protecting the ALTO service against Denial-of-Service (DoS) attacks or specify how to leverage appropriate mechanisms provided by underlying protocol layers.
请求。AR-46:ALTO客户端协议规范必须指定保护ALTO服务免受拒绝服务(DoS)攻击的适当机制,或指定如何利用底层协议层提供的适当机制。
This requirements document does not mandate any immediate IANA actions. However, such IANA considerations may arise from future ALTO specification documents that try to meet the requirements given here.
本要求文件不要求IANA立即采取任何行动。然而,这些IANA考虑可能来自未来的ALTO规范文件,这些文件试图满足此处给出的要求。
High-level security considerations for the ALTO service can be found in the "Security Considerations" section of the ALTO problem statement document [RFC5693].
ALTO服务的高级安全注意事项可在ALTO问题声明文档[RFC5693]的“安全注意事项”部分找到。
The unwanted disclosure of information is one key concern related to ALTO. Neither the ALTO server nor a third party using or misusing the ALTO service should be able to infer the application behavior or correlate data in such a way that would violate user privacy, e.g., who is exchanging which files with whom using a P2P file-sharing application. Furthermore, many network operators are concerned about the amount of information related to their network infrastructure (e.g., topology information, number of "premium customers", or utilization statistics) that might be released through ALTO. This section presents a classification and discussion of information disclosure scenarios and potential countermeasures.
不必要的信息披露是与ALTO相关的一个关键问题。ALTO服务器或使用或误用ALTO服务的第三方都不应能够推断应用程序行为或以侵犯用户隐私的方式关联数据,例如,谁正在使用P2P文件共享应用程序与谁交换哪些文件。此外,许多网络运营商担心可能通过ALTO发布的与其网络基础设施相关的信息量(例如拓扑信息、“优质客户”数量或利用率统计数据)。本节对信息披露情景和潜在对策进行分类和讨论。
The following issues may be considered a risk for the operator of an ALTO server, depending on the specific deployment scenario:
以下问题可能被视为ALTO服务器运营商的风险,具体取决于具体的部署场景:
(1) Excess disclosure of the ALTO server operator's data to an authorized ALTO client. The operator of an ALTO server has to feed information, such as tables mapping host-group descriptors to host-characteristics attributes, into the server, thereby enabling it to give guidance to ALTO clients. Some operators might consider the full set of this information confidential (e.g., a detailed map of the operator's network topology) and might want to disclose only a subset of it or disclose somehow obfuscated information to an ALTO client.
(1) 向授权的ALTO客户端过度披露ALTO服务器运营商的数据。ALTO服务器的操作员必须向服务器提供信息,例如将主机组描述符映射到主机特征属性的表,从而使服务器能够向ALTO客户端提供指导。一些运营商可能会认为该信息的完整集合是保密的(例如,运营商的网络拓扑的详细地图),并且可能只想披露它的一个子集,或者向阿尔托客户透露某种模糊的信息。
(2) Disclosure of the ALTO server operator's data (e.g., network topology information) to an unauthorized third party. There are three subcases here:
(2) 向未经授权的第三方披露ALTO服务器运营商的数据(如网络拓扑信息)。这里有三个子类别:
(2a) An ALTO server receives and answers queries originating from an unauthorized ALTO client.
(2a)ALTO服务器接收并回答来自未经授权ALTO客户端的查询。
(2b) An unauthorized party snoops on the data transmission from the ALTO server to an authorized ALTO client.
(2b)未经授权的一方窥探从ALTO服务器到授权ALTO客户端的数据传输。
(2c) An authorized ALTO client knowingly forwards the information it has received from the ALTO server to an unauthorized party.
(2c)授权的ALTO客户端故意将其从ALTO服务器收到的信息转发给未授权方。
(3) Excess retrieval of the ALTO server operator's data by collaborating ALTO clients. Several authorized ALTO clients could ask one or more ALTO servers for guidance, possibly several times during an extended period of time, and redistribute the responses among each other (see also case 2c). By aggregating and correlating the ALTO responses, they could find out more information than intended to be disclosed by the ALTO server operator(s).
(3) 通过协作ALTO客户端对ALTO服务器运营商数据的过度检索。多个经授权的ALTO客户端可以向一个或多个ALTO服务器请求指导,可能在一段较长的时间内多次请求,并在彼此之间重新分发响应(另见案例2c)。通过聚合和关联ALTO响应,他们可以找到比ALTO服务器运营商打算披露的更多的信息。
The following issues may be considered a risk for the user of an ALTO client, depending on the specific deployment scenario:
根据具体的部署场景,以下问题可能被视为ALTO客户端用户的风险:
(4) Disclosure of the application behavior or other user private data to the (authorized) ALTO server. The operator of an ALTO server could infer the application behavior (e.g., content identifiers in P2P file sharing applications, or lists of resource providers that are considered for establishing a connection) from the ALTO queries sent by an ALTO client.
(4) 向(授权的)ALTO服务器披露应用程序行为或其他用户私有数据。ALTO服务器的操作员可以从ALTO客户端发送的ALTO查询推断应用程序行为(例如,P2P文件共享应用程序中的内容标识符,或考虑用于建立连接的资源提供者列表)。
(5) Disclosure of the application behavior or other user private data to an unauthorized third party. There are three subcases here:
(5) 向未经授权的第三方披露应用程序行为或其他用户私有数据。这里有三个子类别:
(5a) An ALTO client willingly sends queries directly to an untrusted or malicious ALTO server, possibly due to a forged response of the ALTO server discovery mechanism.
(5a)ALTO客户端自愿直接向不受信任或恶意的ALTO服务器发送查询,这可能是由于ALTO服务器发现机制的伪造响应所致。
(5b) An unauthorized party snoops on the data transmission from the ALTO client to an authorized ALTO server.
(5b)未经授权的一方窥探从ALTO客户端到授权ALTO服务器的数据传输。
(5c) An authorized ALTO server knowingly forwards the information it has received from the ALTO client to an unauthorized party.
(5c)授权ALTO服务器故意将其从ALTO客户端收到的信息转发给未授权方。
(6) One or several collaborating (see case 5c) ALTO servers could try to infer the application behavior or other user private data by aggregating and correlating queries from one or more ALTO clients, possibly over an extended period of time.
(6) 一个或多个协作(参见案例5c)ALTO服务器可以尝试通过聚合和关联来自一个或多个ALTO客户端的查询来推断应用程序行为或其他用户私有数据,可能会持续一段时间。
An ALTO server operator should consider:
ALTO服务器运营商应考虑:
o Issue (1) may be addressed by the ALTO server operator choosing the level of detail of the information to be populated into the ALTO server and returned in the responses. For example, by specifying a broader address range (i.e., a shorter prefix length) than a group of hosts in question actually uses, an ALTO server operator may control to some extent how much information about the network topology is disclosed. Furthermore, access control mechanisms for filtering ALTO responses according to the authenticated ALTO client identity might be installed in the ALTO server, although this might not be effective given the lack of efficient mechanisms for addressing (2c) and (3), see below.
o 问题(1)可以由ALTO服务器操作员选择要填充到ALTO服务器并在响应中返回的信息的详细级别来解决。例如,通过指定比所讨论的主机组实际使用的更宽的地址范围(即,更短的前缀长度),ALTO服务器运营商可以在某种程度上控制关于网络拓扑的信息被公开的程度。此外,根据已认证的ALTO客户端标识过滤ALTO响应的访问控制机制可能安装在ALTO服务器中,尽管鉴于缺乏有效的寻址(2c)和(3)机制,这可能无效,见下文。
o (2a) and (2b) may be addressed by authentication, access control, and encryption schemes for the ALTO client protocol. However, deployment of encryption schemes might not be effective given the lack of efficient mechanisms for addressing (2c) and (3), see below.
o (2a)和(2b)可以通过ALTO客户端协议的认证、访问控制和加密方案来解决。然而,由于缺乏有效的寻址机制(2c)和(3),加密方案的部署可能并不有效,见下文。
o Straightforward authentication and encryption schemes will not help solving (2c) and (3), and there is no other simple and efficient mechanism known. The cost of complex approaches, e.g., based on Digital Rights Management (DRM), might easily outweigh the benefits of the whole ALTO solution; therefore, they are not considered as a viable solution. That is, ALTO server operators must be aware that (2c) and (3) cannot be prevented from happening; therefore, they should feed only such data into an ALTO server that they do not consider sensitive with respect to (2c) and (3).
o 直接的身份验证和加密方案将无助于解决(2c)和(3),并且没有其他已知的简单有效的机制。复杂方法(例如基于数字版权管理(DRM))的成本很容易超过整个ALTO解决方案的好处;因此,它们不被视为可行的解决办法。也就是说,ALTO服务器运营商必须意识到(2c)和(3)不能被阻止;因此,他们只需将这些数据馈送到阿尔托服务器,它们不考虑(2C)和(3)敏感。
A user of an ALTO client should consider:
ALTO客户端的用户应考虑:
o Issue (4) can and needs to be addressed in several ways: If the ALTO client is embedded in the resource consumer, the resource consumer's IP address (or the "public" IP address of the outermost NAT in front of the resource consumer) is disclosed to the ALTO server as a matter of principle, because it is in the source address fields of the IP headers. By using a proxy, the disclosure of source addresses to the ALTO server can be avoided at the cost of disclosing them to said proxy. If, in contrast,
o 问题(4)可以并且需要以几种方式解决:如果ALTO客户端嵌入到资源使用者中,则原则上,资源使用者的IP地址(或资源使用者前面最外层NAT的“公共”IP地址)将被披露给ALTO服务器,因为它位于IP头的源地址字段中。通过使用代理,可以避免以向所述代理披露源地址为代价向ALTO服务器披露源地址。相反,如果,
the ALTO client is embedded in a third party (e.g., a resource directory), which issues ALTO requests on behalf of resource consumers, it is possible to hide the exact addresses of the resource consumers from the ALTO server, e.g., by zeroing out or randomizing the last few bits of IP addresses. However, there is the potential side effect of yielding inaccurate results.
ALTO客户端嵌入在代表资源使用者发出ALTO请求的第三方(例如,资源目录)中,例如,通过将IP地址的最后几位置零或随机化,可以从ALTO服务器隐藏资源使用者的确切地址。然而,产生不准确结果的潜在副作用。
The disclosure of candidate resource providers' addresses to the ALTO server can be avoided by allowing ALTO clients to use the target-independent query mode. In this mode of operation, guiding information (e.g., "maps") is retrieved from the ALTO server and used entirely locally by the ALTO client, i.e., without sending host-location attributes of candidate resource providers to the ALTO server. In the target-aware query mode, this issue can be addressed by ALTO clients through obfuscating the identity of candidate resource consumers, e.g., by specifying a broader address range (i.e., a shorter prefix length) than a group of hosts in question actually uses, or by zeroing out or randomizing the last few bits of IP addresses. However, there is the potential side effect of yielding inaccurate results.
通过允许ALTO客户端使用目标独立查询模式,可以避免向ALTO服务器披露候选资源提供者的地址。在这种操作模式下,引导信息(例如,“地图”)从ALTO服务器检索,并完全由ALTO客户端在本地使用,即,不向ALTO服务器发送候选资源提供者的主机位置属性。在目标感知查询模式中,ALTO客户端可以通过模糊候选资源使用者的身份来解决此问题,例如,通过指定比所讨论的主机组实际使用的地址范围更宽(即,前缀长度更短),或者通过调零或随机化IP地址的最后几位。然而,产生不准确结果的潜在副作用。
o (5a) may be addressed by mandating that the ALTO server discovery procedure, as a whole, must be secure against spoofing.
o (5a)可以通过强制要求ALTO服务器发现过程作为一个整体必须是安全的,以防欺骗来解决。
Note: Given that this document does not mandate a specific system architecture, it is difficult to specify more details than that the discovery procedure, as a whole, should be secure against spoofing. There are many different architectural options, e.g., have an insecure discovery mechanism and use server certificates to later verify its response (cf. the DNS + HTTPS security model widely used in the World Wide Web). Therefore, at this requirements stage, it is not mandatory for the discovery mechanism itself to be secure against spoofing attacks.
注意:鉴于本文档没有规定特定的系统体系结构,因此很难指定比发现过程作为一个整体应该是安全的防止欺骗更详细的内容。有许多不同的体系结构选项,例如,具有不安全的发现机制,并使用服务器证书稍后验证其响应(参见在万维网中广泛使用的DNS+HTTPS安全模型)。因此,在这个需求阶段,发现机制本身不一定要对欺骗攻击具有安全性。
o (5b) may be addressed by encryption schemes for the ALTO client protocol. However, the effort vs. benefit should be evaluated for any specific deployment scenario, while also considering the risks and solution approaches for issues (4), (5c), and (6).
o (5b)可通过ALTO客户端协议的加密方案来解决。但是,应针对任何特定部署场景评估工作与收益,同时还应考虑问题(4)、(5c)和(6)的风险和解决方法。
o Straightforward authentication and encryption schemes will not help solving (5c) and (6). However, potential risks can be mitigated using the same approaches as used for issue (4), see above.
o 直接的身份验证和加密方案无助于解决(5c)和(6)。但是,可以使用与问题(4)相同的方法缓解潜在风险,见上文。
These insights are reflected in the requirements in this document.
这些见解反映在本文件的要求中。
See discussion of (5a) above.
见上文(5a)的讨论。
For a set of specific security requirements, please refer to Section 3.3 of this document.
有关一套具体的安全要求,请参阅本文件第3.3节。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC5693] Seedorf, J. and E. Burger, "Application-Layer Traffic Optimization (ALTO) Problem Statement", RFC 5693, October 2009.
[RFC5693]Seedorf,J.和E.Burger,“应用层流量优化(ALTO)问题陈述”,RFC 5693,2009年10月。
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC2616]菲尔丁,R.,盖蒂斯,J.,莫卧儿,J.,弗莱斯蒂克,H.,马斯特,L.,利奇,P.,和T.伯纳斯李,“超文本传输协议——HTTP/1.1”,RFC 2616,1999年6月。
[RFC4787] Audet, F. and C. Jennings, "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP", BCP 127, RFC 4787, January 2007.
[RFC4787]Audet,F.和C.Jennings,“单播UDP的网络地址转换(NAT)行为要求”,BCP 127,RFC 4787,2007年1月。
[RFC5382] Guha, S., Biswas, K., Ford, B., Sivakumar, S., and P. Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, RFC 5382, October 2008.
[RFC5382]Guha,S.,Biswas,K.,Ford,B.,Sivakumar,S.,和P.Srisuresh,“TCP的NAT行为要求”,BCP 142,RFC 5382,2008年10月。
[RFC5706] Harrington, D., "Guidelines for Considering Operations and Management of New Protocols and Protocol Extensions", RFC 5706, November 2009.
[RFC5706]Harrington,D.,“考虑新协议和协议扩展的操作和管理指南”,RFC 5706,2009年11月。
Early draft versions of this document were co-authored by Laird Popkin.
本文件的早期草稿由莱尔德·波普金共同撰写。
The authors would like to thank Vijay K. Gurbani and Enrico Marocco for fostering discussions that lead to the creation of this document, and for giving valuable comments on it.
作者要感谢Vijay K.Gurbani和Enrico Marocco促成了本文件的创建,并对其提出了宝贵的意见。
The authors would like to thank the members of the P2PI and ALTO mailing lists for contributions and feedback, in particular: Richard Alimi, Jason Livingood, Michael Scharf, Nico Schwan, and Jan Seedorf.
作者要感谢P2PI和ALTO邮件列表的成员的贡献和反馈,特别是Richard Alimi、Jason Livingood、Michael Scharf、Nico Schwan和Jan Sedorf。
Laird Popkin and Y. Richard Yang are grateful to the many contributions made by the members of the P4P working group and Yale Laboratory of Networked Systems. The P4P working group is hosted by DCIA.
Laird Popkin和Y.Richard Yang感谢P4P工作组和耶鲁大学网络系统实验室的成员所做的许多贡献。P4P工作组由DCIA主持。
Martin Stiemerling is partially supported by the COAST project (COntent Aware Searching, retrieval and sTreaming, http://www.coast-fp7.eu), a research project supported by the European Commission under its 7th Framework Program (contract no. 248036). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the COAST project or the European Commission.
Martin Stiemerling部分受COAST项目(内容感知搜索、检索和流媒体、,http://www.coast-fp7.eu),这是一个由欧盟委员会根据其第七个框架计划(合同号248036)支持的研究项目。本文中包含的观点和结论是作者的观点和结论,不应被解释为代表海岸项目或欧盟委员会的官方政策或认可,无论明示或暗示。
Authors' Addresses
作者地址
Sebastian Kiesel (editor) University of Stuttgart Computing Center Networks and Communication Systems Department Allmandring 30 70550 Stuttgart Germany
Sebastian Kiesel(编辑)斯图加特大学计算中心网络与通信系统部门Autman 30斯图加特德国70550
EMail: ietf-alto@skiesel.de
URI: http://www.rus.uni-stuttgart.de/nks/
EMail: ietf-alto@skiesel.de
URI: http://www.rus.uni-stuttgart.de/nks/
Stefano Previdi Cisco Systems, Inc.
Stefano Previdi思科系统公司。
EMail: sprevidi@cisco.com
EMail: sprevidi@cisco.com
Martin Stiemerling NEC Laboratories Europe
Martin Stiemerling NEC欧洲实验室
EMail: martin.stiemerling@neclab.eu
URI: http://ietf.stiemerling.org
EMail: martin.stiemerling@neclab.eu
URI: http://ietf.stiemerling.org
Richard Woundy Comcast Corporation
Richard Woundy Comcast公司
EMail: Richard_Woundy@cable.comcast.com
EMail: Richard_Woundy@cable.comcast.com
Yang Richard Yang Yale University
耶鲁大学
EMail: yry@cs.yale.edu
EMail: yry@cs.yale.edu