IETF Logo Mail Archive

Re: [multipathtcp] High-level design decisions /architecture

marcelo bagnulo braun <marcelo@it.uc3m.es> Mon, 02 November 2009 19:27 UTC

Return-Path: <marcelo@it.uc3m.es>
X-Original-To: multipathtcp@core3.amsl.com
Delivered-To: multipathtcp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2FA2E3A67DD for <multipathtcp@core3.amsl.com>; Mon, 2 Nov 2009 11:27:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.452
X-Spam-Level:
X-Spam-Status: No, score=-6.452 tagged_above=-999 required=5 tests=[AWL=0.147, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CbUuHax6fB14 for <multipathtcp@core3.amsl.com>; Mon, 2 Nov 2009 11:27:50 -0800 (PST)
Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.176.133]) by core3.amsl.com (Postfix) with ESMTP id 1BF8628C104 for <multipathtcp@ietf.org>; Mon, 2 Nov 2009 11:27:49 -0800 (PST)
Received: from marcelo-bagnulos-macbook-pro.local (unknown [95.18.31.227]) by smtp03.uc3m.es (Postfix) with ESMTP id 6782A7F43C3; Mon, 2 Nov 2009 20:28:08 +0100 (CET)
Message-ID: <4AEF32BB.7020103@it.uc3m.es>
Date: Mon, 02 Nov 2009 20:27:55 +0100
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: philip.eardley@bt.com
References: <4A916DBC72536E419A0BD955EDECEDEC06363A62@E03MVB1-UKBR.domain1.systemhost.net>
In-Reply-To: <4A916DBC72536E419A0BD955EDECEDEC06363A62@E03MVB1-UKBR.domain1.systemhost.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-5.6.0.1016-16986.000
Cc: multipathtcp@ietf.org
Subject: Re: [multipathtcp] High-level design decisions /architecture
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/multipathtcp>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2009 19:27:51 -0000

philip.eardley@bt.com escribió:
>
> Security
>
> ======
>
>     * exchange a token in the initial SYN for the MPTCP connection,
>       and include the token when subflows /paths are added to the
>       connection
>           o [Question: Is the same token used whether the sender or
>             receiver (of the MPTCP connection) adds the subflow? Is
>             the same technique used for removing subflows? And closing
>             connections, ie DATA FIN?]
>

I have been thinking about alternatives mechanisms that without 
requiring heavy crypto would remove the threats from passive on path 
attackers that can laucnhh attacks to the token based security (and 
require the attacker to actively change the traffic in order to launch 
the attack). I think this could be worth considering since the work 
required by the
I haven't been able to write an ID about that just yet, but i was hoping 
to do something in the few next weeks.

Regards, marcelo



>          o
>
>
>
>
>     * security mechanisms will not interfere with end-to-end
>       authentication etc and will be compatible with legacy middleboxes
>
> Modularity
>
> ========
>
> · the architecture has 2 components, multipath scheduler & path 
> manager – meaning that improved /different modules of each can be 
> slotted in
>
> o [Comment: it is unclear from the Architecture i-d how the congestion 
> control & protocol i-ds map to these components; some of the text 
> (strangely?) appears in a section about implementation]
>
> o [Question: what are the mechanisms for evolvability? How is it 
> negotiated which new module (for congestion control or path manager) 
> to use?]
>
> o [Question: this would seem to imply we need to define an interface 
> between the modules?]
>
> · there is a default path manager module, meaning it is the MUST 
> fall-back option
>
> o [Comment: the charter restricts us - the path manager we work on 
> will distinguish paths by multiple addresses]
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp
>

v2.23.0 | Report a Bug | By Email