IETF Logo Mail Archive

Re: [Int-area] Middleboxes to aid the deployment of MPTCP

Joe Touch <touch@isi.edu> Tue, 18 July 2017 22:49 UTC

Return-Path: <touch@isi.edu>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E23013170E; Tue, 18 Jul 2017 15:49:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPLLlJxf5jqp; Tue, 18 Jul 2017 15:49:58 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 112AB126C23; Tue, 18 Jul 2017 15:49:58 -0700 (PDT)
Received: from [128.9.184.233] ([128.9.184.233]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id v6IMnhqp002758 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 18 Jul 2017 15:49:44 -0700 (PDT)
To: Tom Herbert <tom@herbertland.com>
Cc: Olivier Bonaventure <olivier.bonaventure@tessares.net>, Internet Area <int-area@ietf.org>, tsv-area@ietf.org
References: <fe384d2b-a0ba-9444-2ee9-cd0de6d24b7c@tessares.net> <61608b70-6861-e7f8-96de-5679718a9680@isi.edu> <CALx6S35LpE=Z8DhanPuVcN9sVR2rkxtFPUZMd6Z4v1PHsnzF0w@mail.gmail.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <ae63a4a1-8d64-044d-4648-b651f37b7b1e@isi.edu>
Date: Tue, 18 Jul 2017 15:49:41 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CALx6S35LpE=Z8DhanPuVcN9sVR2rkxtFPUZMd6Z4v1PHsnzF0w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------04A9FF8E2835E89144EEC472"
Content-Language: en-US
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/dxi0V6T7VBK2Vb81wPpGfuCGD2k>
Subject: Re: [Int-area] Middleboxes to aid the deployment of MPTCP
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2017 22:49:59 -0000


On 7/18/2017 3:43 PM, Tom Herbert wrote:
>> TCP must be E2E and fall back to legacy endpoints without a reconnection
>> attempt, as required by RFC793.
>>
>> These aren't generic solutions; they're attacks on a TCP connection, IMO.
>>
> I agree. This seems be akin to stateful firewalls model that impose
> artificial requirements on networking (like every TCP packet for a
> connection must got through some middlebox or the connection is
> dropped). We need to move things back to E2E semantics for transport
> protocols-- nodes that try to maintain transport state in the network
> should be considered the problem not the solution!
I'm a little less concerned with state in the network (link layers have
state too - both hard and soft).

My primary concern is this as an attack on TCP - or its equivalence to
an attack. I though the point of true TCP and lower layer security was
to prevent such attacks.

Perhaps that's why I consider TLS and TCPcrypt to be so badly misnamed.
They don't protect *TCP* at all.

Joe

v2.23.0 | Report a Bug | By Email