Re: [multipathtcp] MPTCP backup flag attack via MP_PRIO message

Alan Ford <alan.ford@gmail.com> Fri, 21 July 2017 07:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/fwrA4qii9EG-qPT1WWSa8qWCBm0>

Hi Yoshi,

> On 20 Jul 2017, at 22:22, Yoshifumi Nishida <nishida@sfc.wide.ad.jp> wrote:
> 
> On Thu, Jul 20, 2017 at 8:33 AM, Alan Ford <alan.ford@gmail.com> wrote:
> 
> So the main reason for this was to permit the signalling of backup for a subflow which was also signalled via ADD_ADDR. ADD_ADDR does not have a ‘B’ bit in it, so the priority would be signalled separately.
> 
> I think adding a 'B' bit to ADD_ADDR has been proposed for the bis draft.
> I have seen a few expressions of support and haven't seen any opposition.
> Do we need more discussions on this?

Actually on further reflection (i.e. Christoph and Olivier reminding me offline), this would be unnecessary, since MP_JOIN has a ‘B’ bit so it is not required in ADD_ADDR.

Given this I can see no reason to have the Address ID in MP_PRIO and feel we can remove it.

(The proposal for a bit in ADD_ADDR was, I believe, as a “do not even attempt to establish to this address unless all other subflows fail” - which is different to the ‘B’ semantics in MP_PRIO and MP_JOIN.)

Regards,
Alan
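
The option handling discussed in this message, as an added example that is not part of the original e-mail or of any MPTCP implementation: a receiver-side MP_PRIO handler using the RFC 6824 option layout, with a switch that models the proposal by accepting only the 3-byte form, so the 'B' bit can only change the subflow the option arrived on. The struct names, result codes and the choice to reject (rather than ignore) the 4-byte form are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_MPTCP   30    /* TCP option kind used by MPTCP */
#define MPTCP_SUB_PRIO 0x5   /* MP_PRIO subtype in the RFC 6824 layout */
#define MAX_SUBFLOWS   4

/* Hypothetical per-connection state for this example. */
struct subflow { uint8_t peer_addr_id; int backup; };
struct conn    { struct subflow sf[MAX_SUBFLOWS]; size_t n; };

enum prio_result { PRIO_APPLIED, PRIO_MALFORMED, PRIO_ADDR_ID_REJECTED, PRIO_NO_SUCH_ID };

/* Handle one MP_PRIO option received on subflow index rx.
 * Layout: kind, length, subtype(4 bits)|reserved(3)|B(1), optional Address ID.
 * allow_addr_id != 0: the 4-byte form may target other subflows by Address ID.
 * allow_addr_id == 0: only the 3-byte form is accepted, so B can only change
 * the subflow the option arrived on (assumed policy: reject the 4-byte form). */
enum prio_result handle_mp_prio(struct conn *c, size_t rx, const uint8_t *opt,
                                size_t len, int allow_addr_id)
{
    if (rx >= c->n || (len != 3 && len != 4))
        return PRIO_MALFORMED;
    if (opt[0] != TCPOPT_MPTCP || (size_t)opt[1] != len || (opt[2] >> 4) != MPTCP_SUB_PRIO)
        return PRIO_MALFORMED;

    int backup = opt[2] & 0x01;          /* 'B' is the low bit of the third byte */
    if (len == 3) {                      /* no Address ID: applies to this subflow */
        c->sf[rx].backup = backup;
        return PRIO_APPLIED;
    }
    if (!allow_addr_id)
        return PRIO_ADDR_ID_REJECTED;

    int matched = 0;                     /* Address ID form: may hit other subflows */
    for (size_t i = 0; i < c->n; i++)
        if (c->sf[i].peer_addr_id == opt[3]) { c->sf[i].backup = backup; matched = 1; }
    return matched ? PRIO_APPLIED : PRIO_NO_SUCH_ID;
}

int main(void)
{
    struct conn c = { .sf = { {0, 0}, {1, 0} }, .n = 2 };
    const uint8_t with_id[] = { 30, 4, 0x51, 1 };   /* constructed: B=1, Address ID 1 */
    int r = handle_mp_prio(&c, 0, with_id, sizeof with_id, 0);
    printf("strict result=%d, subflow 1 backup=%d\n", r, c.sf[1].backup);
    return 0;
}
```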