Re: [multipathtcp] Stephen Farrell's No Objection on draft-ietf-mptcp-experience-06: (with COMMENT)
Anna Brunstrom <anna.brunstrom@kau.se> Wed, 14 September 2016 16:41 UTC
To: Olivier.Bonaventure@uclouvain.be, stephen.farrell@cs.tcd.ie, iesg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/1BLNeVlH0lYIq2mI2wrdWRhBwsE>
Cc: multipathtcp@ietf.org, draft-ietf-mptcp-experience@ietf.org, mptcp-chairs@ietf.org

Hi Olivier, all,

On 2016-09-14 18:13, Olivier Bonaventure wrote:
> Stephen,
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>>
>> I was a bit sad that there was no reporting of
>> experiences with the security aspects of MPTCP. Have
>> we really learned nothing worth saying about that?
>> Have we really seen no attacks on, or tailored to,
>> MPTCP? It seems odd that the answer to both questions
>> is "no."
>
> There are already two RFCs on security issues with MPTCP
>
> https://tools.ietf.org/html/rfc6181
> https://tools.ietf.org/html/rfc7430
>
> We did not want to rediscuss those issues that are already documented
> on the security of MPTCP itself.
>
> Another point is the impact of MPTCP on existing IDS, firewalls and
> other types of middleboxes that could only see a portion of the traffic.
> There have been blackhat presentations on this, e.g.
>
> https://www.blackhat.com/docs/us-14/materials/us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols.pdf
>

In case it is of interest, there is also some academic work measuring
and evaluating this in:

Z Afzal, S Lindskog, "Multipath TCP IDS Evasion and Mitigation",
International Information Security Conference, 2015, Springer

BR,
Anna

>
> I haven't seen deployment of those attacks, but could extend section
> 3.5 or discuss this in a bit more detail if you think that this would
> be useful.
>
>
> Olivier
>
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp