--- 1/draft-ietf-p2psip-share-07.txt 2016-03-20 17:37:33.648402459 -0700 +++ 2/draft-ietf-p2psip-share-08.txt 2016-03-20 17:37:33.688403454 -0700 @@ -1,22 +1,22 @@ P2PSIP Working Group A. Knauf Internet-Draft T. Schmidt, Ed. Intended status: Standards Track HAW Hamburg -Expires: May 12, 2016 G. Hege +Expires: September 21, 2016 G. Hege daviko GmbH M. Waehlisch link-lab & FU Berlin - November 9, 2015 + March 20, 2016 A Usage for Shared Resources in RELOAD (ShaRe) - draft-ietf-p2psip-share-07 + draft-ietf-p2psip-share-08 Abstract This document defines a RELOAD Usage for managing shared write access to RELOAD Resources. Shared Resources in RELOAD (ShaRe) form a basic primitive for enabling various coordination and notification schemes among distributed peers. Access in ShaRe is controlled by a hierarchical trust delegation scheme maintained within an access list. A new USER-CHAIN-ACL access policy allows authorized peers to write a Shared Resource without owning its corresponding certificate. @@ -32,25 +32,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 12, 2016. + This Internet-Draft will expire on September 21, 2016. Copyright Notice - Copyright (c) 2015 IETF Trust and the persons identified as the + Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -62,94 +62,95 @@ 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Shared Resources in RELOAD . . . . . . . . . . . . . . . . . 4 3.1. Mechanisms for Isolating Stored Data . . . . . . . . . . 5 4. Access Control List Definition . . . . . . . . . . . . . . . 6 4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 6 4.2. Data Structure . . . . . . . . . . . . . . . . . . . . . 8 5. Extension for Variable Resource Names . . . . . . . . . . . . 9 5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 9 5.2. Data Structure . . . . . . . . . . . . . . . . . . . . . 10 5.3. Overlay Configuration Document Extension . . . . . . . . 10 - 6. Access Control to Shared Resources . . . . . . . . . . . . . 11 + 6. Access Control to Shared Resources . . . . . . . . . . . . . 12 6.1. Granting Write Access . . . . . . . . . . . . . . . . . . 12 6.2. Revoking Write Access . . . . . . . . . . . . . . . . . . 13 6.3. Validating Write Access through an ACL . . . . . . . . . 13 6.4. Operations of Storing Peers . . . . . . . . . . . . . . . 14 6.5. Operations of Accessing Peers . . . . . . . . . . . . . . 14 - 6.6. USER-CHAIN-ACL Access Policy . . . . . . . . . . . . . . 14 + 6.6. USER-CHAIN-ACL Access Policy . . . . . . . . . . . . . . 15 7. ACCESS-CONTROL-LIST Kind Definition . . . . . . . . . . . . . 15 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 8.1. Resource Exhaustion . . . . . . . . . . . . . . . . . . . 16 8.2. Malicious or Misbehaving Storing Peer . . . . . . . . . . 16 - 8.3. Privacy Issues . . . . . . . . . . . . . . . . . . . . . 16 - 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 - 9.1. Access Control Policy . . . . . . . . . . . . . . . . . . 16 + 8.3. Trust Delegation to a Malicious or Misbehaving Peer . . . 16 + 8.4. Privacy Issues . . . . . . . . . . . . . . . . . . . . . 17 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 + 9.1. Access Control Policy . . . . . . . . . . . . . . . . . . 17 9.2. Data Kind-ID . . . . . . . . . . . . . . . . . . . . . . 17 9.3. XML Name Space Registration . . . . . . . . . . . . . . . 17 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 17 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 + 10.1. Normative References . . . . . . . . . . . . . . . . . . 18 10.2. Informative References . . . . . . . . . . . . . . . . . 18 - Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 + Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 19 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 1. Introduction [RFC6940] defines the base protocol for REsource LOcation And Discovery (RELOAD) that allows for application-specific extensions by Usages. The present document defines such a RELOAD Usage for managing shared write access to RELOAD Resources and a mechanism to store Resources with a variable name. The Usage for Shared Resources in RELOAD (ShaRe) enables overlay users to share their exclusive write access to specific Resource/Kind pairs with others. Shared Resources form a basic primitive for enabling various coordination and notification schemes among distributed peers. Write permission is controlled by an Access Control List (ACL) Kind that maintains a chain of Authorized Peers for a particular Shared Resource. A newly defined USER-CHAIN-ACL access control policy enables shared write access in RELOAD. The Usage for Shared Resources in RELOAD is designed for jointly coordinated group applications among distributed peers (e.g., third party registration, see [I-D.ietf-p2psip-sip], or distributed - conferencing, see[I-D.ietf-p2psip-disco]). Of particular interest - are rendezvous processes, where a single identifier is linked to - multiple, dynamic instances of a distributed cooperative service. - Shared write access is based on a trust delegation mechanism. It - transfers the authorization to write a specific Kind data by storing - logical Access Control Lists. An ACL contains the ID of the Kind to - be shared and contains trust delegations from one authorized to - another (previously unauthorized) user. + conferencing). Of particular interest are rendezvous processes, + where a single identifier is linked to multiple, dynamic instances of + a distributed cooperative service. Shared write access is based on a + trust delegation mechanism. It transfers the authorization to write + a specific Kind data by storing logical Access Control Lists. An ACL + contains the ID of the Kind to be shared and contains trust + delegations from one authorized to another (previously unauthorized) + user. Shared write access augments the RELOAD security model, which is based on the restriction that peers are only allowed to write resources at a small set of well defined locations (Resource-IDs) in the overlay. Using the standard access control rules in RELOAD, these locations are bound to the username or Node-ID in the peer's certificate. This document extends the base policies to enable a controlled write access for multiple users to a common Resource Id. Additionally, this specification defines an optional mechanism to store Resources with a variable Resource Name. It enables the storage of Resources whose name complies to a specific pattern. - Definition of the pattern is arbitrary, but must contain the username - of the Resource creator. + Definition of the pattern is arbitrary, but must contain the user + name of the Resource creator. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. This document uses the terminology and definitions from the RELOAD - base [RFC6940] and the peer-to-peer SIP concepts draft - [I-D.ietf-p2psip-concepts], in particular the RELOAD Usage, Resource - and Kind. Additionally, the following terms are used: + base [RFC6940] and [I-D.ietf-p2psip-concepts], in particular the + RELOAD Usage, Resource and Kind. Additionally, the following terms + are used: Shared Resource: The term Shared Resource in this document defines a RELOAD Resource with its associated Kinds, that can be written or overwritten by multiple RELOAD users following the specifications in this document. Access Control List: The term Access Control List in this document defines a logical list of RELOAD users allowed to write a specific RELOAD Resource/Kind pair by following the specifications in this document. The list items are stored as Access Control List Kinds @@ -219,44 +220,48 @@ Otherwise the Kind data structure does not contain the ResourceNameExtension structure. 3.1. Mechanisms for Isolating Stored Data This section defines mechanisms to avoid race conditions while concurrently writing an array or dictionary of a Shared Resource. If a dictionary is used in the Shared Resource, the dictionary key MUST be the Node-ID of the certificate that will be used to sign the - stored data. Thus data access is bound to the unique ID holder. + stored data. Thus data access is bound to the unique ID holder, and + write concurrency does not occur. If the data model of the Shared Resource is an array, each Authorized Peer SHALL obtain its exclusive range of the array indices. The following algorithm will generate an array indexing scheme that avoids collisions. 1. Obtain the Node-ID of the certificate that will be used to sign the stored data - 2. Take the least significant 24 bits of that Node-ID + 2. Take the least significant 24 bits of that Node-ID to prefix the + array index - 3. Append an 8 bit long short individual index value to those 24 bit - of the Node-ID + 3. Append an 8 bit individual index value to those 24 bit of the + Node-ID The resulting 32 bits long integer MUST be used as the index for - storing an array entry in a Shared Resource. The 8 bit individual - index can be incremented individually for further array entries and - allows for 256 distinct entries per Peer. + storing an array entry in a Shared Resource. The 24 bits of the + Node-ID serve as a pseudo-random identifier. The 8 bit individual + index remain under the control of a single Peer and can be + incremented individually for further array entries. In total, each + Peer can generate 256 distinct entries for application-specific use. The mechanism to create the array index is related to the pseudo- random algorithm to generate an SSRC identifier in RTP, see Section 8.1 in [RFC3550] for calculating the probability of a - collision. + collision (here L=24 is the length of the pseudo-random id). 4. Access Control List Definition 4.1. Overview An Access Control List (ACL) is a (self-managed) shared resource that contains a list of AccessControlListItem structures as defined in Section 4.2. Each entry delegates write access for a specific Kind data to a single RELOAD user. An ACL enables the RELOAD user who is authorized to write a specific Resource-ID to delegate his exclusive @@ -321,22 +327,23 @@ +-----------+------------------------------+-----------+ | 123abc004 | to_user:Carol Kind:4321 ad:0 | Owner | +-----------+------------------------------+-----------+ | ... | ... | ... | +-----------+------------------------------+-----------+ | 456def001 | to_user:Bob Kind:1234 ad:0 | Alice | +-----------+------------------------------+-----------+ | ... | ... | ... | +-----------+------------------------------+-----------+ - Figure 1: Simplified example of an Access Control including entries - for two different Kind-IDs and varying delegation (ad) configurations + Figure 1: Simplified example of an Access Control List including + entries for two different Kind-IDs and varying delegation (ad) + configurations Implementations of ShaRe should be aware that the trust delegation in an Access Control List need not be loop free. Self-contained circular trust delegation from A to B and B to A are syntactically possible, even though not very meaningful. 4.2. Data Structure The Kind data structure for the Access Control List is defined as follows: @@ -369,27 +376,26 @@ kind: This field contains the Kind-ID of the Shared Resource. allow_delegation: If true, this Boolean flag indicates that the Authorized Peer in the 'to_user' field is allowed to add additional entries to the ACL for the specified Kind-ID. 5. Extension for Variable Resource Names 5.1. Overview - In certain use cases such as conferencing (c.f. - [I-D.ietf-p2psip-disco]) it is desirable to increase the flexibility - of a peer in using Resource Names beyond those defined by the - username or Node-ID fields in its certificate. For this purpose, - this document presents the concept for variable Resources Names that - enables providers of RELOAD instances to define relaxed naming - schemes for overlay Resources. + In certain use cases such as conferencing it is desirable to increase + the flexibility of a peer in using Resource Names beyond those + defined by the user name or Node-ID fields in its certificate. For + this purpose, this document presents the concept for variable + Resources Names that enables providers of RELOAD instances to define + relaxed naming schemes for overlay Resources. Each RELOAD node uses a certificate to identify itself using its user name (or Node-ID) while storing data under a specific Resource-ID (see Section 7.3 in [RFC6940]). The specifications in this document scheme adhere to this paradigm, but enable a RELOAD peer to store values of Resource Names that are derived from the username in its certificate. This is done by using a Resource Name with a variable substring that still matches the user name in the certificate using a pattern defined in the overlay configuration document. Thus despite being variable, an allowable Resource Name remains tied to the @@ -398,22 +404,22 @@ Example Pattern: .*-conf-$USER@$DOMAIN When defining the pattern, care must be taken to avoid conflicts arising from two usernames of witch one is a substring of the other. In such cases, the holder of the shorter name could threaten to block the resources of the longer-named peer by choosing the variable part of a Resource Name to contain the entire longer username. This problem can easily be mitigated by delimiting the variable part of the pattern from the username part by some fixed string, that by - convention is not part of a username (e.g., the "-conf-" in the above - Example). + convention is not part of a user name (e.g., the "-conf-" in the + above Example). 5.2. Data Structure This section defines the optional ResourceNameExtension structure for every Kind that uses the USER-CHAIN-ACL access control policy. enum { pattern(1), (255)} ResourceNameType; struct { ResourceNameType type; @@ -441,47 +447,52 @@ being stored. The type "pattern" further indicates that the Resource Name MUST match to one of the variable resource name pattern defined for this Kind in the configuration document. The ResourceNameType enum and the ResourceNameExtension structure can be extended by further Usages to define other naming schemes. 5.3. Overlay Configuration Document Extension This section extends the overlay configuration document by defining - new elements for patterns relating resource names to user names. - Configurations in this overlay document MUST adhere in syntax and - semantic of names as defined by the context of use. For example, AOR + new elements for patterns relating resource names to user names. It + is noteworthy that additional constraints on the syntax and semantic + of names can apply according to specific Usages. For example, AOR syntax restrictions apply when using P2PSIP[I-D.ietf-p2psip-sip], while a more general naming is feasible in plain RELOAD. The element serves as a container for one or multiple sub-elements. It is an additional parameter within the kind-block and has a boolean "enable" attribute that indicates, if true, that the overlay provider allows variable resource names for this Kind. The default value of the "enable" attribute is "false". In the absence of a element for a Kind using the USER-CHAIN-ACL access policy (see - Section 6.6), implementors SHOULD assume this default value. + Section 6.6), implementors MUST assume this default value. A element MUST be present if the "enabled" attribute of its parent element is set to true. Each element defines a pattern for constructing extended resource names for a single Kind. It is of type xsd:string and interpreted as a regular expression according to "POSIX Extended Regular Expression" (see the specifications in [IEEE-Posix]). In this regular expression, $USER and $DOMAIN are used as variables for the corresponding parts of the string in the certificate user name field (with $USER preceding and $DOMAIN succeeding the '@'). Both variables MUST be present in any - given pattern definition. If no pattern is defined for a Kind or the - "enable" attribute is false, allowable Resource Names are restricted - to the username of the signer for Shared Resource. + given pattern definition. Furthermore, variable parts in + elements defined in the overlay configuration document MUST remain + syntactically separated from the user name part (e.g., by a dedicated + delimiter) to prevent collisions with other names of other users. If + no pattern is defined for a Kind, if the "enable" attribute is false, + or if the regular expression does not meet the requirements specified + in this section, the allowable Resource Names are restricted to the + user name of the signer for Shared Resource. The Relax NG Grammar for the Variable Resource Names Extension reads: # VARIABLE RESOURCE URN SUB-NAMESPACE namespace share = "urn:ietf:params:xml:ns:p2p:config-base:share" # VARIABLE RESOURCE NAMES ELEMENT kind-parameter &= element share:variable-resource-names { @@ -519,24 +531,24 @@ that items can be stored in the numerical order of the array index starting with the index of the root item. An Authorized Peer with delegation allowance ("ad"=1) can extend the access to an existing Shared Resource as follows. o An Authorized Peer can store additional ACL items at the Resource- ID of the Shared Resource. These ACL items contain the resource name extension field, the username of the newly Authorized Peer, and the Kind-Id of the Shared Resource. Optionally, the "ad" flag - is set to 1 for allowing the Authorized Peer to further delegate - write access. The array index MUST be generated as described in - Section 3.1. Each succeeding ACL item can be stored in the - numerical order of the array index. + is set to 1 for allowing the newly Authorized Peer to further + delegate write access. The array index MUST be generated as + described in Section 3.1. Each succeeding ACL item can be stored + in the numerical order of the array index. A store request by an Authorized Peer that attempts to overwrite any ACL item signed by another Peer is unauthorized and causes an Error_Forbidden response from the Storing Peer. Such access conflicts could be caused by an array index collision. However, the probability of a collision of two or more identical array indices will be negligibly low using the mechanism for isolating stored data (see Section 3.1) 6.2. Revoking Write Access @@ -547,50 +559,54 @@ delegations performed by that user including all subsequent delegations. This allows to invalidate entire subtrees of the delegations tree with only a single operation. Overwriting the root item with a non-existent value of an Access List invalidates the entire delegations tree. An existing ACL item MUST only be overwritten by the user who initially stored the corresponding entry, or by the Resource Owner that is allowed to overwrite all ACL items for revoking write access. + To protect the privacy of the users, the Resource Owner SHOULD + overwrite all subtrees that have been invalidated. + 6.3. Validating Write Access through an ACL Access Control Lists are used to transparently validate authorization of peers for writing a data value at a Shared Resource. Thereby it is assumed that the validating peer is in possession of the complete and most recent ACL for a specific Resource/Kind pair. The corresponding procedure consists of recursively traversing the trust - delegation tree and proceeds as follows. + delegation tree with strings compared as binary objects. It proceeds + as follows. 1. Obtain the username of the certificate used for signing the data stored at the Shared Resource. 2. Validate that an item of the corresponding ACL (i.e., for this Resource/Kind pair) contains a "to_user" field whose value equals the username obtained in step 1. If the Shared Resource under examination is an Access Control List Kind, further validate if the "ad" flag is set to 1. 3. Select the username of the certificate that was used to sign the ACL item obtained in step 2. 4. Validate that an item of the corresponding ACL contains a "to_user" field whose value equals the username obtained in step 3. Additionally validate that the "ad" flag is set to 1. 5. Repeat steps 3 and 4 until the "to_user" value is equal to the - username of the signer of the previously selected ACL item. This - final ACL item is expected to be the root item of this ACL which - SHALL be further validated by verifying that the root item was - signed by the owner of the ACL Resource. + user name of the signer of the previously selected ACL item. + This final ACL item is expected to be the root item of this ACL + which MUST be further validated by verifying that the root item + was signed by the owner of the ACL Resource. The trust delegation chain is valid if and only if all verification steps succeed. In this case, the creator of the data value of the Shared Resource is an Authorized Peer. Note that the ACL validation procedure can be omitted whenever the creator of data at a Shared Resource is the Resource Owner itself. The latter can be verified by its public key certificate as defined in Section 6.6. @@ -638,30 +654,32 @@ following one of the specified naming pattern. Hence, on an inbound store request on a Kind that uses the USER-CHAIN-ACL access policy, the following rules MUST be applied: In the USER-CHAIN-ACL policy, a given value MUST be written or overwritten, if either one of USER-MATCH or USER-NODE-MATCH (mandatory if the data model is dictionary) access policies of the base document [RFC6940] applies. Otherwise, the value MUST be written if the certificate of the signer - contains a username that matches to one of the variable resource name - pattern (c.f. Section 5) specified in the configuration document - and, additionally, the hashed Resource Name matches the Resource-ID. - The Resource Name of the Kind to be stored MUST be taken from the - mandatory ResourceNameExtension field in the corresponding Kind data - structure. + contains a user name that matches to the user and domain portion in + one of the variable resource name patterns (c.f. Section 5) + specified in the configuration document and, additionally, the hashed + Resource Name matches the Resource-ID. The Resource Name of the Kind + to be stored MUST be taken from the mandatory ResourceNameExtension + field in the corresponding Kind data structure. Otherwise, the value MUST be written if the ACL validation procedure described in Section 6.3 has been successfully applied. + Otherwise, the store request MUST be denied. + 7. ACCESS-CONTROL-LIST Kind Definition This section defines the ACCESS-CONTROL-LIST Kind previously described in this document. Name: ACCESS-CONTROL-LIST Kind IDs: The Resource Name for ACCESS-CONTROL-LIST Kind-ID is the Resource Name of the Kind that will be shared by using the ACCESS- CONTROL-LIST Kind. @@ -698,26 +716,44 @@ small set of misbehaving peers. This is not different for Shared Resources since a small set of malicious peers does not disrupt the functionality of the overlay in general, but may have implications for the peers needing to store or access information at the specific locations in the ID space controlled by a malicious peer. A storing peer could withhold stored data which results in a denial of service to the group using the specific resource. But it could not return forged data, since the validity of any stored data can be independently verified using the attached signatures. -8.3. Privacy Issues +8.3. Trust Delegation to a Malicious or Misbehaving Peer - All data stored in the Shared Resource is publicly readable, thus - applications requiring privacy need to encrypt the data. The ACL - needs to be stored unencrypted, thus the list members of a group - using a Shared Resource will always be publicly visible. + A Resource Owner that erroneously delegated write access to a Shared + Resource for a misbehaving peer enables this malicious member of the + overlay to interfere with the corresponding group application in + several unwanted ways. Examples of destructive interferences range + from exhausting shared storage to dedicated application-specific + misuse. Additionally, a bogus peer that was granted delegation + rights may authorize further malicious collaborators to writing the + Shared Resource. + + It is the obligation of the Resource Owner to bind trust delegation + to apparent trustworthiness. Additional measures to monitor proper + behavior may be applied. In any case, the Resource Owner will be + able to revoke trust delegation of an entire tree in a single + overwrite operation. It further holds the right to overwrite any + malicious contributions to the shared resource under misuse. + +8.4. Privacy Issues + + All data stored in the Shared Resource is readable by any node in the + overlay, thus applications requiring privacy need to encrypt the + data. The ACL needs to be stored unencrypted, thus the list members + of a group using a Shared Resource will always be publicly visible. 9. IANA Considerations 9.1. Access Control Policy IANA shall register the following entry in the "RELOAD Access Control Policies" Registry (cf., [RFC6940]) to represent the USER-CHAIN-ACL Access Control Policy, as described in Section 6.6. [NOTE TO IANA/ RFC-EDITOR: Please replace RFC-AAAA with the RFC number for this specification in the following list.] @@ -731,32 +768,31 @@ IANA shall register the following code point in the "RELOAD Data Kind-ID" Registry (cf., [RFC6940]) to represent the ShaRe ACCESS- CONTROL-LIST kind, as described in Section 7. [NOTE TO IANA/RFC- EDITOR: Please replace RFC-AAAA with the RFC number for this specification in the following list.] +----------------------+------------+----------+ | Kind | Kind-ID | RFC | +----------------------+------------+----------+ - | ACCESS-CONTROL-LIST | 17 | RFC-AAAA | + | ACCESS-CONTROL-LIST | TBD | RFC-AAAA | +----------------------+------------+----------+ 9.3. XML Name Space Registration - This document registers the following URI for the config XML - namespace in the IETF XML registry defined in [RFC3688] + This document registers the following URI for the config XML name + space in the IETF XML registry defined in [RFC3688] URI: urn:ietf:params:xml:ns:p2p:config-base:share Registrant Contact: The IESG - XML: N/A, the requested URI is an XML namespace 10. References 10.1. Normative References [IEEE-Posix] "IEEE Standard for Information Technology - Portable Operating System Interface (POSIX) - Part 2: Shell and Utilities (Vol. 1)", IEEE Std 1003.2-1992, ISBN @@ -774,50 +810,46 @@ [RFC6940] Jennings, C., Lowekamp, B., Ed., Rescorla, E., Baset, S., and H. Schulzrinne, "REsource LOcation And Discovery (RELOAD) Base Protocol", RFC 6940, DOI 10.17487/RFC6940, January 2014, . 10.2. Informative References [I-D.ietf-p2psip-concepts] Bryan, D., Matthews, P., Shim, E., Willis, D., and S. Dawkins, "Concepts and Terminology for Peer to Peer SIP", - draft-ietf-p2psip-concepts-07 (work in progress), May - 2015. - - [I-D.ietf-p2psip-disco] - Knauf, A., Schmidt, T., Hege, G., and M. Waehlisch, "A - RELOAD Usage for Distributed Conference Control (DisCo)", - draft-ietf-p2psip-disco-02 (work in progress), July 2013. + draft-ietf-p2psip-concepts-08 (work in progress), February + 2016. [I-D.ietf-p2psip-sip] Jennings, C., Lowekamp, B., Rescorla, E., Baset, S., Schulzrinne, H., and T. Schmidt, "A SIP Usage for RELOAD", - draft-ietf-p2psip-sip-15 (work in progress), July 2015. + draft-ietf-p2psip-sip-17 (work in progress), March 2016. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003, . Acknowledgments This work was stimulated by fruitful discussions in the P2PSIP working group and SAM research group. We would like to thank all active members for constructive thoughts and feedback. In particular, the authors would like to thank (in alphabetical order) - Emmanuel Baccelli, Lothar Grimm, Cullen Jennings, Peter Musgrave, - Joerg Ott, Marc Petit-Huguenin, Peter Pogrzeba, and Jan Seedorf. - This work was partly funded by the German Federal Ministry of - Education and Research, projects HAMcast, Mindstone, and SAFEST. + Emmanuel Baccelli, Alissa Cooper Lothar Grimm, Cullen Jennings, Peter + Musgrave, Joerg Ott, Marc Petit-Huguenin, Peter Pogrzeba, and Jan + Seedorf. This work was partly funded by the German Federal Ministry + of Education and Research, projects HAMcast, Mindstone, and SAFEST. Authors' Addresses + Alexander Knauf HAW Hamburg Berliner Tor 7 Hamburg D-20099 Germany Phone: +4940428758067 Email: alexanderknauf@gmail.com Thomas C. Schmidt