Re: [multipathtcp] High-level design decisions /architecture
Joe Touch <touch@ISI.EDU> Tue, 03 November 2009 16:17 UTC
Return-Path: <touch@ISI.EDU>
X-Original-To: multipathtcp@core3.amsl.com
Delivered-To: multipathtcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF59D3A6A0C for <multipathtcp@core3.amsl.com>; Tue, 3 Nov 2009 08:17:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EJPYEAiVmNgw for <multipathtcp@core3.amsl.com>; Tue, 3 Nov 2009 08:17:23 -0800 (PST)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 1F9123A6A21 for <multipathtcp@ietf.org>; Tue, 3 Nov 2009 08:17:23 -0800 (PST)
Received: from [75.213.246.17] (17.sub-75-213-246.myvzw.com [75.213.246.17]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id nA3GGqKo006068 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 3 Nov 2009 08:16:55 -0800 (PST)
Message-ID: <4AF0576B.9050505@isi.edu>
Date: Tue, 03 Nov 2009 08:16:43 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
References: <4A916DBC72536E419A0BD955EDECEDEC06363A62@E03MVB1-UKBR.domain1.systemhost.net> <4AEF781E.4070009@isi.edu> <4AEFFC63.10202@it.uc3m.es>
In-Reply-To: <4AEFFC63.10202@it.uc3m.es>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: multipathtcp@ietf.org
Subject: Re: [multipathtcp] High-level design decisions /architecture
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2009 16:17:24 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 marcelo bagnulo braun wrote: > Joe Touch escribió: >> >>> Security >>> >>> ====== >>> >>> * exchange a token in the initial SYN for the MPTCP connection, and >>> include the token when subflows /paths are added to the connection >>> o [Question: Is the same token used whether the sender or >>> receiver (of the MPTCP connection) adds the subflow? Is the >>> same technique used for removing subflows? And closing >>> connections, ie DATA FIN?] >>> >> >> Let's please not call this "security". Call it a flow identifier, but >> it's trivial for on-path attackers to see, and anything small enough to >> be appropriate for a SYN is likely to be too small to prevent exhaustion >> attacks. >> >> >>> * security mechanisms will not interfere with end-to-end >>> authentication etc >> >> Yes. Specifically IMO there ought to be a TCP-AO mode supported - e.g., >> using socketpair of the original connection for the pseudoheader used >> for MAC calculation. >> >> > It would make sense to contrast the protection provided by TCP-AO witht > he threats identified in the threat analysis and see how many of these > it solves. Agreed. Same for the nonce. Joe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkrwV2sACgkQE5f5cImnZrt0iwCeKyrt4rYoszR1MwS60Y5IkS0y FXIAmwUg6K05KwRc26wBPWLxTVM40l9p =Dgpo -----END PGP SIGNATURE-----
- [multipathtcp] High-level design decisions /archi… philip.eardley
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Mark Handley
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Lars Eggert
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- [multipathtcp] This shim6 part of the answer (was… marcelo bagnulo braun
- [multipathtcp] The MPTCP part (was Re: High-level… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Mark Handley
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… marcelo bagnulo braun
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… Mark Handley
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Ford, Alan
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… philip.eardley
- Re: [multipathtcp] High-level design decisions /a… Lars Eggert
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Scott Brim
- Re: [multipathtcp] High-level design decisions /a… Costin Raiciu
- Re: [multipathtcp] High-level design decisions /a… Yoshifumi Nishida
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch
- Re: [multipathtcp] High-level design decisions /a… William Herrin
- Re: [multipathtcp] High-level design decisions /a… Joe Touch