y - Net Developer

amrameshreddy.blog.com374 CHAPTER 12 ■ DEVELOPING PEER-TO-PEER APPLICATIONS WITH WCFramrameshreddy.blog.com■Note Poison attacks are attacks where the contents are different from the description of that content.Polluting attacks are those where invalid chunks are added to an otherwise valid file. Defection attacks arethose where users or software use the network without contributing resources to the network.P2P faces many other challenges other than the immediate technical implementationdetails. Currently, there are no standards defined, which means interoperability between differentP2P meshes is something that is difficult to achieve. Firewalls are becoming increasinglysophisticated, and although a P2P network can be based purely on IP, there are still many symmetricNAT firewalls out there. This might give the impression that these NATed addresses willcause the P2P mesh to not reach all endpoints. However, this rarely causes any issues and forthe majority of the solutions is not a concern. Management and diagnostics are still issues.Because of the nondeterministic flow in a network, trying to diagnose a bug, for example,becomes a daunting task. Also, if you need to manage a P2P network and apply something likea distributed policy, then that also becomes a challenge. For example, many enterprises do nothave control because of not being able to apply a distributed policy and because, indirectly, ofthe accountability. In many situations, this is not acceptable because of various regulatory,legal, and compliance requirements. This also makes it difficult to isolate and locate individualusers who can cause security concerns (again because of the lack of user accountability).On the legal challenges front, there is a perception because of the media coverage that allP2P is illegal and bad. And anonymous P2P networks allow one to share content easily,whether legal or not, so that does not help the cause. Although various companies and entitiessuch as RIAA, Movie Studios, and so on, are fighting the battle in the courts, there is a lot ofconfusion to the end user. This is partly because the laws are different from country to country,and there is a lot of gray area and interpretation. For example, RIAA has gone after a fewthousand users in the United States and is also looking to target some of those in the UnitedKingdom and other countries. However, certain countries such as France had legalized P2P atone time and later changed the local laws without absolute clarification. All this has led tomore blurred distinction between what is legal and what is not.■Note We have kept the legal perception of P2P intentionally vague in this section. Since the local lawschange so much based on the jurisdiction, it is not possible to cover all the situations here. The importantpart to remember is that the legal issues have nothing to do with the technology; rather, P2P is one specificimplementation of the technology.ramrameshreddyramrameshreddyP2P Development Life CycleWhen developing and deploying P2P applications, you face three primary issues: how toachieve end-to-end connectivity; how to provide a common foundation consisting of variousstate data, identity management, and so on, for peers to use when exchanging state; and howto deploy and scale the solution in a secure manner. Each of these is an important piece of thepuzzle to enable the P2P solution to work.