Re: [multipathtcp] q about draft-paasch-mptcp-application-authentication-00
Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Fri, 10 June 2016 06:46 UTC
Return-Path: <nishida@sfc.wide.ad.jp>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D12A012D94A for <multipathtcp@ietfa.amsl.com>; Thu, 9 Jun 2016 23:46:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDuV85KDZiof for <multipathtcp@ietfa.amsl.com>; Thu, 9 Jun 2016 23:46:35 -0700 (PDT)
Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [IPv6:2001:200:0:8803::53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8A2312D529 for <multipathtcp@ietf.org>; Thu, 9 Jun 2016 23:46:34 -0700 (PDT)
Received: from mail-yw0-f179.google.com (mail-yw0-f179.google.com [209.85.161.179]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id D4FD52783A4 for <multipathtcp@ietf.org>; Fri, 10 Jun 2016 15:46:32 +0900 (JST)
Received: by mail-yw0-f179.google.com with SMTP id c72so58574837ywb.1 for <multipathtcp@ietf.org>; Thu, 09 Jun 2016 23:46:32 -0700 (PDT)
X-Gm-Message-State: ALyK8tKUmCd2NIuUJQ/xW5SjrwDgPvi3ZvMxnFtH7ZkwYCA3qiBVH8oHQjpLSHTu2fGukPsaCbYhbQMEBFXwsA==
X-Received: by 10.129.48.147 with SMTP id w141mr198042yww.266.1465541191380; Thu, 09 Jun 2016 23:46:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.196.3 with HTTP; Thu, 9 Jun 2016 23:46:30 -0700 (PDT)
In-Reply-To: <051C927C-9571-429A-89E6-278AAEA2A0B8@apple.com>
References: <CAO249yfkoF8oRzEbQHjxbJ3kuUX2m_GdCyvzzCWy+yxPqG5=3w@mail.gmail.com> <051C927C-9571-429A-89E6-278AAEA2A0B8@apple.com>
From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Thu, 09 Jun 2016 23:46:30 -0700
X-Gmail-Original-Message-ID: <CAO249yesdzXmQcW_Y98TbFnhq5o16qqE6j=YrPqXvTRnArtCzQ@mail.gmail.com>
Message-ID: <CAO249yesdzXmQcW_Y98TbFnhq5o16qqE6j=YrPqXvTRnArtCzQ@mail.gmail.com>
To: Christoph Paasch <cpaasch@apple.com>
Content-Type: multipart/alternative; boundary="001a114086741db6ec0534e6e688"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/dulZtDswYn6eulJ77BhgSKZjaj0>
Cc: MultiPath TCP - IETF WG <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] q about draft-paasch-mptcp-application-authentication-00
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2016 06:46:38 -0000
Hi Christoph, On Tue, Jun 7, 2016 at 11:22 PM, Christoph Paasch <cpaasch@apple.com> wrote: > Hello Yoshifumi, > > > On Jun 7, 2016, at 8:04 AM, Yoshifumi Nishida <nishida@sfc.wide.ad.jp> > wrote: > > 1: I am wondering if this is an asymmetric scheme. I mean, if it can be > possible to use a token with G flag on one side, while a key without G flag > is used on the other side. It seems to me that the draft is a bit unclear > on this point, but I am guessing this might be typical for load-balancer > use case. I don't see incentive for client to use G flag in this case. > > it was intended to be an asymmetric scheme. I agree that the use of the > G-bit is not very clear in the draft. > > The way I see it is that the client signals to the server its > capabilities. It may thus set the G and the H bit at the same time. The > server then chooses which mode it uses and thus should only reply in the > SYN/ACK with one of the bits set. > > We will clarify this in the draft. > Thanks for the clarification. I got it. I was thinking about something like the followings, that's why I asked if it's an asymmetric. Host A Host B ---------------------- ---------- Address A1 Address B1 ---------- ---------- | | | SYN + MP_CAPABLE (H flag) | |--------------------------------------------->| |<---------------------------------------------| | SYN/ACK + MP_CAPABLE(token-B,G flag) | | | | ACK + MP_CAPABLE(Key-A, token-B,H flag) | |--------------------------------------------->| ---------- Address A2 ---------- | | | | | SYN + MP_JOIN(Token-B, R-A) | | |------------------------------->| | |<-------------------------------| | | SYN/ACK + MP_JOIN(HMAC-B, R-B) | | | | | | ACK + MP_JOIN(HMAC-A) | | |------------------------------->| | |<-------------------------------| | | ACK | HMAC-A = HMAC(Key=(Key-A+ (Token-B or B'), Msg=(R-A+R-B)) HMAC-B = HMAC(Key=(Token-B or B' +Key-A), Msg=(R-B+R-A)) You might think this is ridiculous or problematic, but I was just thinking about load-balancer use case and curious about the possibility. >From host A's point of view, it probably doesn't know whether host B is behind a balancer or not. So, I thought host A is less motivated to upgrade the application in order to support load balancer. You might presume host A will upgrade the app for TLS or some other reasons, but I thought it might not be always true. > > 2: How we should react if G and H flags are set in a packet? > > See above. > Sorry. This is minor thing, but I thought you might want to describe how to react when you see G and H are set in SYN/ACK or ACK. Thanks, -- Yoshi
- [multipathtcp] q about draft-paasch-mptcp-applica… Yoshifumi Nishida
- Re: [multipathtcp] q about draft-paasch-mptcp-app… Christoph Paasch
- Re: [multipathtcp] q about draft-paasch-mptcp-app… Alan Ford
- Re: [multipathtcp] q about draft-paasch-mptcp-app… Yoshifumi Nishida