Re: [multipathtcp] Stephen Farrell's No Objection on draft-ietf-mptcp-experience-06: (with COMMENT)

Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Wed, 14 September 2016 16:18 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/GKra2iyzDcfqqLUvBaUcmC0a3yQ>
Cc: multipathtcp@ietf.org, draft-ietf-mptcp-experience@ietf.org, mptcp-chairs@ietf.org

Stephen,
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> I was a bit sad that there was no reporting of
> experiences with the security aspects of MPTCP.  Have
> we really learned nothing worth saying about that?
> Have we really seen no attacks on, or tailored to,
> MPTCP? It seems odd that the answer to both questions
> is "no."

There are already two RFCs on security issues with MPTCP

https://tools.ietf.org/html/rfc6181
https://tools.ietf.org/html/rfc7430

We did not want to rediscuss those issues that are already documented on
the security of MPTCP itself.

Another point is the impact of MPTCP on existing IDS, firewalls and
other types of middleboxes that could only see a portion of the traffic.
There have been Black Hat presentations on this, e.g.

https://www.blackhat.com/docs/us-14/materials/us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols.pdf

I haven't seen deployment of those attacks, but could extend section 3.5
or discuss this in a bit more detail if you think that this would be
useful.


Olivier
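
The point above about monitors that see only a portion of the traffic can be made concrete. The following is an added example, not part of the original message or of the draft: a sensor-side check that parses the MPTCP TCP option (kind 30, RFC 6824) and flags MP_JOIN subflows whose initial MP_CAPABLE handshake it never observed. The names `SubflowTracker`, `build_header` and the sample key and headers are constructed for illustration.

```python
import hashlib
import struct

MPTCP_KIND, MP_CAPABLE, MP_JOIN = 30, 0, 1   # RFC 6824 option kind and subtypes

def mptcp_options(tcp_header: bytes):
    """Yield (subtype, option_bytes) for every MPTCP option in a TCP header."""
    opts, i = tcp_header[20:(tcp_header[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                         # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            return                               # malformed length: stop parsing
        length = opts[i + 1]
        if opts[i] == MPTCP_KIND and length >= 3:
            yield opts[i + 2] >> 4, opts[i:i + length]
        i += length

def token_from_key(key: bytes) -> int:
    """RFC 6824 token: most significant 32 bits of SHA-1 of the 64-bit key."""
    return struct.unpack("!I", hashlib.sha1(key).digest()[:4])[0]

class SubflowTracker:
    """Flags MP_JOIN SYNs for connections whose handshake this sensor never saw."""
    def __init__(self):
        self.known_tokens = set()

    def observe(self, tcp_header: bytes) -> str:
        verdict = "plain-tcp"
        for subtype, opt in mptcp_options(tcp_header):
            if verdict == "plain-tcp":
                verdict = "mptcp-other"
            if subtype == MP_CAPABLE and len(opt) >= 12:
                self.known_tokens.add(token_from_key(opt[4:12]))
                verdict = "mptcp-initial"
            elif subtype == MP_JOIN and len(opt) == 12:   # SYN form carries the token
                token = struct.unpack("!I", opt[4:8])[0]
                known = token in self.known_tokens
                verdict = "join-known" if known else "join-unseen-connection"
        return verdict

def build_header(option: bytes = b"", flags: int = 0x02) -> bytes:
    """Constructed sample: minimal TCP header plus one NOP-padded option."""
    opts = option + b"\x01" * (-len(option) % 4)
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                        (20 + len(opts)) // 4 << 4, flags, 65535, 0, 0)
    return fixed + opts

KEY_B = bytes(range(8))                                    # constructed key
SYNACK = build_header(bytes([30, 12, 0x00, 0x81]) + KEY_B, 0x12)
JOIN = build_header(bytes([30, 12, 0x10, 2]) +
                    struct.pack("!II", token_from_key(KEY_B), 0x1234))
```

A `join-unseen-connection` verdict tells the operator that the sensor is inspecting one subflow of a connection that started on a path it does not cover, so stream reassembly at that point is incomplete.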