[multipathtcp] Comments on draft-bagnulo-mptcp-privacy-00
Olivier Bonaventure <olivier.bonaventure@uclouvain.be> Tue, 16 July 2019 14:40 UTC
Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E01D9120647 for <multipathtcp@ietfa.amsl.com>; Tue, 16 Jul 2019 07:40:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=uclouvain.be
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfSGUN9EUyf6 for <multipathtcp@ietfa.amsl.com>; Tue, 16 Jul 2019 07:40:06 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150090.outbound.protection.outlook.com [40.107.15.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F44512062E for <multipathtcp@ietf.org>; Tue, 16 Jul 2019 07:40:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=arhPOfp1ZuJGBtpL5qdSm6ulAe2wU1zj4h7koPFfBBdIm4ixNz9v1MU1gUBeu5DZXw7Huwna+pvDwqMOc6QnLFnmuxM3I6oXGUEPDvSrvtZYyx9yEWpEENG6uug7iSuPcbzIfK9rlxazOWRhqRggu6HA69slWftS+iO600jSYC6G9K1Zo8Io5E0XdP44zQiSWt1gGYuqB0ePrA65Q+KZ+tmBYM8Q+Vm0LJFnD1jxMxGfAdxKlknuvvdu4FPfeIekkYzqrzO7oXG0XDutBZCng2VHc9M9hOEljYtbEhLu9FpcFWeynFGybDgbsXao1FndJH8nnI0/tnRAz2b/cGPlZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T7Af2GQ0WP6a3TpHDnQwTopSkG4hpnGiy+ckQ2OF6jY=; b=eNTCR6/M07pCRqb3SUzJ8VwI9K8xswB0WlOAPOF6Tm0t7JG6o0DxdAxHUwWBxIZh0oKJmiVeUhhKkUmFRE+mjk0p26SqbBL2MtYJEAydi5sft2N/Gcpf45fZxvjBYUvi5V2JOeKkhkdXKoHYWrRbz02Ay+2gWcUozCx7aUtB30AENWG8/ZWJpXguQtkb5uMEYRWIF3X6RCtBCpQ/6qOcFiGWYI6qmLbTgtZC9zeQ3yk5OxJULFgC0kKBDhkEcIY62NX0h7DZX6BWKMLjfko+R0OCgpgZMd+QLc5A8nGLGSZjFYoRe7xgxZXYfcI4DmdaXX1gyLNJRk0aU//8lyWobw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=uclouvain.be;dmarc=pass action=none header.from=uclouvain.be;dkim=pass header.d=uclouvain.be;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uclouvain.be; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=T7Af2GQ0WP6a3TpHDnQwTopSkG4hpnGiy+ckQ2OF6jY=; b=QDqvQSjLo5pfgmftVAuBuxnqDIeCqlbHEJCPKx5RmSN63+gJuwbM8mRQZnGycNPiL9WVXpooFHjFnN2p5HVyZnDxyp24rnf2Eoo//nZbmjh5C3JcSpc/ebvp2u02AeNhVx3nxHykOpmt1ObFTxQTgu6aoPtwppA5pc1VW0snGm8=
Received: from DB7PR03MB3548.eurprd03.prod.outlook.com (52.134.98.29) by DB7PR03MB4588.eurprd03.prod.outlook.com (20.176.234.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Tue, 16 Jul 2019 14:40:03 +0000
Received: from DB7PR03MB3548.eurprd03.prod.outlook.com ([fe80::bd11:ef06:753f:2fd8]) by DB7PR03MB3548.eurprd03.prod.outlook.com ([fe80::bd11:ef06:753f:2fd8%4]) with mapi id 15.20.2073.012; Tue, 16 Jul 2019 14:40:03 +0000
From: Olivier Bonaventure <olivier.bonaventure@uclouvain.be>
To: multipathtcp <multipathtcp@ietf.org>
Thread-Topic: Comments on draft-bagnulo-mptcp-privacy-00
Thread-Index: AQHVO+Rasgi2XRIolUCMQpESCrKELw==
Date: Tue, 16 Jul 2019 14:40:03 +0000
Message-ID: <5f7747d7-c383-926a-fef9-6f6ae0df4b3a@uclouvain.be>
Reply-To: Olivier Bonaventure <olivier.bonaventure@uclouvain.be>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: LO2P265CA0095.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8::35) To DB7PR03MB3548.eurprd03.prod.outlook.com (2603:10a6:5:4::29)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=olivier.bonaventure@uclouvain.be;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:6a8:308f:2:4ce4:b7b8:e368:f058]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 27f6f13d-3b18-46ea-1205-08d709fb7ca6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DB7PR03MB4588;
x-ms-traffictypediagnostic: DB7PR03MB4588:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <DB7PR03MB4588AEDC83B246355198F22786CE0@DB7PR03MB4588.eurprd03.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0100732B76
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(39860400002)(346002)(376002)(396003)(136003)(199004)(189003)(51444003)(86362001)(476003)(66946007)(2616005)(66446008)(64756008)(66476007)(66556008)(6306002)(386003)(486006)(102836004)(31696002)(52116002)(6436002)(8936002)(5660300002)(81166006)(81156014)(186003)(53936002)(6512007)(46003)(256004)(3450700001)(6506007)(8676002)(2906002)(68736007)(6486002)(6916009)(25786009)(43066004)(99286004)(786003)(316002)(71190400001)(71200400001)(478600001)(14454004)(966005)(36756003)(31686004)(305945005)(6116002)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB7PR03MB4588; H:DB7PR03MB3548.eurprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: uclouvain.be does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: +YN93H08p6WkDGtR2H/8u0xJKZ/nxDZT0fq27M/zUWNrQZjR/y4zi/h+SQfsrIY84ILSr+2ycBEUa0mVIiKXhxsSbWtwbFIrEVMyXHYXhDrr/STZy4T4fD/+uc03N5xwW8oiycatz7Ulmf14MCIssSV1+yRShLjg220IwwcMzbw/1KrbmjmqMYN8XgKKlMbWq22e9BCUJCA7NKvE3PrPZ3LHjtE+GFp5ISnxW/Yp2RDlr4gTR+5rLQfMoHBnBhA8H+p4wd8GKavuwOw87+L9NceOU5U23ebESt0efcAklAouyIptX3WI9tusCO4tsbjdCThdZzBNj/aYyTk/G+RzEYuJGFWfso+34cfnbmkYfRDKfa6TvCFQe6j82c/PvJjXU4gx/2CQmxHlPiaAZEty1RG2Qz8JF7FOhBcMY5LSyNw=
Content-Type: text/plain; charset="utf-8"
Content-ID: <B679DD4A8436AA43A90798B98C0CF860@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: uclouvain.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 27f6f13d-3b18-46ea-1205-08d709fb7ca6
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jul 2019 14:40:03.0393 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: olivier.bonaventure@uclouvain.be
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR03MB4588
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/Zf-1Hwe9d1G23u9ZRQ6c1qSzVHs>
Subject: [multipathtcp] Comments on draft-bagnulo-mptcp-privacy-00
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 14:40:09 -0000
Marcelo, Amelia, Christoph, Thanks for having initiated the above draft. As I will not be able to participate to the discussion in Montreal, here are some suggestions and comments. Generic comments First, I think that it would be useful to compare the privacy features of QUIC (or a forthcoming Multipath QUIC) with those of MPTCP. Obvisouly, given that MPTCP does not encrypt anything, it suffers from more types of privacy attacks than QUIC. Second, beyond looking at the issues with the current version of MPTCP, we could consider whether an hypothetical MPTCP version x could solve some of these issues. In the draft, you mention the possibility of encrypting some of the MPTCP options. If this is done with the keys exchanged in clear during the handshake, it would probably not help. However, since a privacy sensitive application would anyway use TLS, why not consider a solution like https://datatracker.ietf.org/doc/html/draft-paasch-mptcp-ssl that basically extracts the MPTCP keys from the TLS exchange. The above draft has experied, but could probably be updated to support TLS 1.3 and the latest version of MPTCP. If we had this extension inside MPTCP, which options would need to be encrypted/authenticated : - MP_CAPABLE(no) - MP_JOIN (maybe) - DSS (but TCP sequence number would not be encyrpted) - ADD_ADDR - REMOVE_ADDR - MP_PRIO - MP_FAIL - MP_FASTCLOSE Another possible design point is MPTCPSec, see https://inl.info.ucl.ac.be/publications/secure-multipath-tcp-design-impementation.html A third design point would be to explore the integration of TCPINC and MPTCP, if this is possible. Detailed comments I think that it would be useful to provide a discussion on privacy considerations in the configuration of MPTCP and when add_addr and mp_join should be sent. A client that always sends add_addr and creates a full mesh of subflows is more vulnerable from this viewpoint than a client that does not send add_addr and only sends mp_join when the primary path fails. Of course, this increases the reaction time in case of failures. Changing the token in mp_join is something that looks interesting. We could imagine a server that provides to its client the next token to be used (possibly encrypted). This allows the server to control the numberof subflows that a client can establish, and also improves privacy. I would encourage you to explore this direction and also consider the implementation cost on servers. Considering the benefits of spreading data over multiple paths, there are benefits from the viewpoint of countering an attacker willing to capture the entire bytestream. On the other hand, an attacker who wishes to simply collect metadata about who talks with who would get more data from mptcp than from regular tcp... Overal, I think that there are many tradeoffs between privacy, reaction to failures, protocol/implementation complexity that would be worth to discuss in the draft. Best regards, Olivier
- [multipathtcp] Comments on draft-bagnulo-mptcp-pr… Olivier Bonaventure
- Re: [multipathtcp] Comments on draft-bagnulo-mptc… marcelo bagnulo braun