IETF Logo Mail Archive

Re: [multipathtcp] High-level design decisions /architecture

<philip.eardley@bt.com> Wed, 04 November 2009 17:01 UTC

Return-Path: <philip.eardley@bt.com>
X-Original-To: multipathtcp@core3.amsl.com
Delivered-To: multipathtcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC97728C0DE for <multipathtcp@core3.amsl.com>; Wed, 4 Nov 2009 09:01:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.795
X-Spam-Level:
X-Spam-Status: No, score=-2.795 tagged_above=-999 required=5 tests=[AWL=0.204, BAYES_00=-2.599, J_CHICKENPOX_72=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWqaU46d6K94 for <multipathtcp@core3.amsl.com>; Wed, 4 Nov 2009 09:01:34 -0800 (PST)
Received: from smtp1.smtp.bt.com (smtp1.smtp.bt.com [217.32.164.137]) by core3.amsl.com (Postfix) with ESMTP id 7D2763A657C for <multipathtcp@ietf.org>; Wed, 4 Nov 2009 09:01:33 -0800 (PST)
Received: from E03MVB1-UKBR.domain1.systemhost.net ([193.113.197.110]) by smtp1.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 4 Nov 2009 17:01:55 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 04 Nov 2009 17:00:54 -0000
Message-ID: <4A916DBC72536E419A0BD955EDECEDEC06363A78@E03MVB1-UKBR.domain1.systemhost.net>
In-Reply-To: <4AEF32BB.7020103@it.uc3m.es>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [multipathtcp] High-level design decisions /architecture
Thread-Index: Acpb8qCBwu80Q2GMTny0tYGiXkMvagBfO95A
From: philip.eardley@bt.com
To: multipathtcp@ietf.org
X-OriginalArrivalTime: 04 Nov 2009 17:01:55.0025 (UTC) FILETIME=[8312D410:01CA5D70]
Subject: Re: [multipathtcp] High-level design decisions /architecture
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2009 17:01:35 -0000

>From the Security discussion it seems:

- the WG needs to describe /analyse threats as soon as possible. Do people think that http://www.ietf.org/id/draft-bagnulo-mptcp-threat-00.txt is a reasonable starting point for this?
- until the threat analysis doc has progressed a bit, it is too early to agree on the security mechanism. We will have to wait & see whether we can decide this in Feb/March.

phil

> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> Sent: 02 November 2009 19:28
> To: Eardley,PL,Philip,DEE1 R
> Cc: multipathtcp@ietf.org
> Subject: Re: [multipathtcp] High-level design decisions /architecture
> 
> philip.eardley@bt.com escribió:
> >
> > Security
> >
> > ======
> >
> >     * exchange a token in the initial SYN for the MPTCP connection,
> >       and include the token when subflows /paths are added to the
> >       connection
> >           o [Question: Is the same token used whether the sender or
> >             receiver (of the MPTCP connection) adds the subflow? Is
> >             the same technique used for removing subflows? And closing
> >             connections, ie DATA FIN?]
> >
> 
> I have been thinking about alternatives mechanisms that without
> requiring heavy crypto would remove the threats from passive on path
> attackers that can laucnhh attacks to the token based security (and
> require the attacker to actively change the traffic in order to launch
> the attack). I think this could be worth considering since the work
> required by the
> I haven't been able to write an ID about that just yet, but i was hoping
> to do something in the few next weeks.
> 
> Regards, marcelo
> 
> 
> 
> >          o
> >
> >
> >
> >
> >     * security mechanisms will not interfere with end-to-end
> >       authentication etc and will be compatible with legacy middleboxes
> >
> > Modularity
> >
> > ========
> >
> > · the architecture has 2 components, multipath scheduler & path
> > manager - meaning that improved /different modules of each can be
> > slotted in
> >
> > o [Comment: it is unclear from the Architecture i-d how the congestion
> > control & protocol i-ds map to these components; some of the text
> > (strangely?) appears in a section about implementation]
> >
> > o [Question: what are the mechanisms for evolvability? How is it
> > negotiated which new module (for congestion control or path manager)
> > to use?]
> >
> > o [Question: this would seem to imply we need to define an interface
> > between the modules?]
> >
> > · there is a default path manager module, meaning it is the MUST
> > fall-back option
> >
> > o [Comment: the charter restricts us - the path manager we work on
> > will distinguish paths by multiple addresses]
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > multipathtcp mailing list
> > multipathtcp@ietf.org
> > https://www.ietf.org/mailman/listinfo/multipathtcp
> >

v2.23.0 | Report a Bug | By Email