IETF Logo Mail Archive

Re: [multipathtcp] WG Last Call for draft-ietf-mptcp-rfc6824bis

Christoph Paasch <cpaasch@apple.com> Wed, 18 July 2018 14:53 UTC

Return-Path: <cpaasch@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 037FA130DD3 for <multipathtcp@ietfa.amsl.com>; Wed, 18 Jul 2018 07:53:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9YO6YipvNT6 for <multipathtcp@ietfa.amsl.com>; Wed, 18 Jul 2018 07:53:49 -0700 (PDT)
Received: from mail-in21.apple.com (mail-out21.apple.com [17.171.2.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22B8C130F9F for <multipathtcp@ietf.org>; Wed, 18 Jul 2018 07:53:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1531925628; x=2395839228; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=aHWaErI2QbQ6qksNaxMvAxZcVefbHyLqk8cWnoCZRCE=; b=rVu1NJeh2gItXvE3BepNoBoms/11sPJQJjioqGlwLMjHGAy8C+5qICb+SAymbsFn MYUd+JcL3klzr5HKds9NSj70XaOGtSJUU2aJqa++OMPq8924+OP1SqmlBfG2JkBM qYzaqgVCvA7Q6Nc69qflJYaUY7OQPdLSlc/A9ovBbvZ4O4G4GQTpM8qRlCMJeC5k o8ETwHeF6H4q3D1jh89daXdkqLyudgwLmTwMULSFhDXMK2jTIOYUv16j2oJPGwmG EL+vSBiVpE/jAFc/sU0kqztCPZHj6LyjpcURh78Qg931vQeQo9V+DXhWy2qF8RqE ts5Exapa6UezKJ/lt9jIFQ==;
X-AuditID: 11ab0215-217ff70000002a18-b1-5b4f547b9b03
Received: from mr2-mtap-s03.rno.apple.com (mr2-mtap-s03.rno.apple.com [17.179.226.135]) (using TLS with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mail-in21.apple.com (Apple Secure Mail Relay) with SMTP id 82.B2.10776.C745F4B5; Wed, 18 Jul 2018 07:53:48 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-type: text/plain; CHARSET="US-ASCII"
Received: from nwk-mmpp-sz11.apple.com (nwk-mmpp-sz11.apple.com [17.128.115.155]) by mr2-mtap-s03.rno.apple.com (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14 2018)) with ESMTPS id <0PC2009UOHDNDW90@mr2-mtap-s03.rno.apple.com>; Wed, 18 Jul 2018 07:53:47 -0700 (PDT)
Received: from process_viserion-daemon.nwk-mmpp-sz11.apple.com by nwk-mmpp-sz11.apple.com (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14 2018)) id <0PC200200H91GT00@nwk-mmpp-sz11.apple.com>; Wed, 18 Jul 2018 07:53:47 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 858e2f4dae29a6016c98c8320829244c
X-Va-E-CD: 3bbd785c51ace3f981efd92bc4e82048
X-Va-R-CD: 2b9cdb0e57a359d759a3675f8c35d2a7
X-Va-CD: 0
X-Va-ID: 607253ef-ab07-492a-a635-e63ad736d7b5
X-V-A:
X-V-T-CD: 858e2f4dae29a6016c98c8320829244c
X-V-E-CD: 3bbd785c51ace3f981efd92bc4e82048
X-V-R-CD: 2b9cdb0e57a359d759a3675f8c35d2a7
X-V-CD: 0
X-V-ID: 23496a6a-1a8a-4226-9b94-0b0f005ebac1
Received: from process_milters-daemon.nwk-mmpp-sz11.apple.com by nwk-mmpp-sz11.apple.com (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14 2018)) id <0PC200H00GW18P00@nwk-mmpp-sz11.apple.com>; Wed, 18 Jul 2018 07:53:46 -0700 (PDT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-07-16_06:,, signatures=0
X-Proofpoint-Scanner-Instance: nwk-grpmailp-qapp18.corp.apple.com-10000_instance1
Received: from localhost ([17.235.39.85]) by nwk-mmpp-sz11.apple.com (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14 2018)) with ESMTPSA id <0PC200AH9HDL1R60@nwk-mmpp-sz11.apple.com>; Wed, 18 Jul 2018 07:53:46 -0700 (PDT)
Sender: cpaasch@apple.com
Date: Wed, 18 Jul 2018 10:53:45 -0400
From: Christoph Paasch <cpaasch@apple.com>
To: philip.eardley@bt.com
Cc: multipathtcp@ietf.org
Message-id: <20180718145345.GP1471@MacBook-Pro-19.local>
References: <0dd5e48298ed4b4fb7344630abc794b7@rew09926dag03b.domain1.systemhost.net> <39fbc9f18384473398fca38670c73cf6@rew09926dag03b.domain1.systemhost.net> <fb645222b2dd4f78a45770c09babf99d@rew09926dag03b.domain1.systemhost.net>
In-reply-to: <fb645222b2dd4f78a45770c09babf99d@rew09926dag03b.domain1.systemhost.net>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrIIsWRmVeSWpSXmKPExsUiuPlRu25NiH+0we2LEhafV19ns1i2dgWj A5NH25fJTB5LlvxkCmCK4rJJSc3JLEst0rdL4Mron6hYsM274uLWDrYGxk12XYycHBICJhKP t/1jBrGFBA4ySUxbkgVi8woISvyYfI+li5GDg1lAXuLgeVmQMLOAtMSjvzPYIWwtie+PWlkg WtczSWx/p9jFyAVkdzFJ/L3VwAoxn13iz68dLBC2tsTpx9PYYOy/yyEGgdgHft+FinNJLNh6 GqpXV+L5wjNQcTaJ9SeWMEHYWhJHFx5ihLGvvZnICmPfvv+RGcLmlDj/ZSLUfB2J1Z17mCGO 62SS2DRrGRvIYxIC2RKdmyogzGCJ/W+VIUoamCRefe0A2yssICnRfecO2EwWAVWJiU0nwXax Ae16e7sdzBYBqlmxfRUbJFCA7L+fWCF6PSSeX57LDglPC4nlHWcZIRa8YZR4evII6wRGpVlI YT0LEdazkMJ6FlJYL2BkWcUonJuYmaObmWdkqJdYUJCTqpecn7uJEZQmVjOJ7mCc/8rwEKMA B6MSD2/GX99oIdbEsuLK3EOM0hwsSuK8H3eJRQsJpCeWpGanphakFsUXleakFh9iZOLglGpg ZJ22PKDZ47aO3gOz3P9e+7e03Lq8wN7fUPZc6ML3pbplfsv66rTu+QU75enFRy1ceSr7d8Cq FLnFXH5ufNzm7g6ySTp1TblFf7nT85rF99y/HPzN4Nk0ke39q4LmuqgxONXZLnSx09joxd+z pcbg4vm0/Uw5lvFnFl69lNOUfaItbuW22PlKLMUZiYZazEXFiQATiUyk9AIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/z1a5kNrHNl6XafTVKmDQAV-OkjA>
Subject: Re: [multipathtcp] WG Last Call for draft-ietf-mptcp-rfc6824bis
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 14:53:52 -0000

Hello Phil,

this summary looks good to me.


Cheers,
Christoph

On 05/07/18 - 08:20:50, philip.eardley@bt.com wrote:
> Hi,
> Fyi I prepared some text describing the main differences between the bis and rfc6824, and the reasons for those changes. I wrote it in the context of helping the IESG when they get to reviewing it - but I thought it might be useful to helping prompt WG comments at this stage (which we urgently need). The text is draft.
> Best wishes,
> Phil
> 
> --
> This summarises the changes in draft-ietf-mptcp-rfc6824bis compared to the RFC6824. 
> https://tools.ietf.org/rfcdiff?url1=https://www.ietf.org/id/draft-ietf-mptcp-rfc6824bis-11.txt&url2=https://www.rfc-editor.org/rfc/rfc6824.txt   
> 1.	It obsoletes RFC6824. This is considered a replacement for RFC6824, as it improves it in several ways. It is not backwards compatible with RFC6824 (the protocol changes in #4 and #9 in particular). 
> 2.	Its Intended Status is Standards Track. RFC6824 is an Experimental Track document. When it was completed, it was agreed to re-charter the WG with the primary goal to create a bis version of the protocol document on the Standards track. 
> a.	The bis incorporates lessons learnt from the various implementations, deployments and experiments. RFC8041 discusses "Use Cases and Operational Experience with Multipath TCP" https://tools.ietf.org/html/rfc8041 and an IETF Journal article describes "Multipath TCP Deployments" https://www.ietfjournal.org/multipath-tcp-deployments/ 
> b.	In summary, MPTCP is extensively deployed, especially on smartphones (it is in Apple's iOS and macOS operating systems and is in several models of commercial Android smartphones), and is also deployed in some hybrid access networks.  
> c.	The 'reference', maintained Linux implementation of RFC6824 is available at https://multipath-tcp.org/ 
> d.	RFC6824bis-11 has been implemented in Linux, but has not been released (yet).
> 3.	Christoph Paasch is added as an author, as he proposed several of the new elements
> 4.	Connection initiation, through the exchange of the MP-CAPABLE MPTCP option, is different from RFC6824. Assuming that host A sends the SYN and ACK, and host B sends the SYN-ACK:-
> a.	Unlike RFC6824, the SYN doesn't include A's key (it is still sent in the ACK). This change means that A's key, which is sent in the clear, is not sent until B is known to be MPTCP-enabled.
> b.	The ACK can include data. This change means that A can send data without having to wait for B to send it data, as only then can it be sure the ACK has been received. To handle this case, the MP-CAPABLE option includes fields with the Data-Level Length and optionally a Checksum. 
> c.	In the Flags field, C is now assigned to mean that the sender of this option will not accept additional MPTCP subflows to the source address and port. This is an efficiency improvement, for example where the sender is behind a strict NAT.
> d.	In the flags field, D now indicates the use of HMAC-SHA256 (rather than HMAC-SHA1).
> 5.	Connection initiation also defines the procedure for version negotiation, for implementations that support both v0 (RFC6824) and v1 (RFC6824bis). The initiator indicates the highest version it supports, the responder indicates if it supports this version. To prevent a downgrade attack, the initiator SHOULD fall back to regular TCP, alternatively it MAY establish a new connection with the lower version of MPTCP. 
> 6.	The HMAC-SHA256 (rather than HMAC-SHA1) algorithm is used, as the algorithm provides better security. It is used to generate the token in the MP_JOIN and ADD_ADDR messages, and to set the initial data sequence number.
> 7.	As in RFC6824, a TCP RST for the subflow re-sets the subflow, or (in response to MP_JOIN) rejects an attempt to open a subflow. The change is that the process is enhanced by adding a MP_TCPRST Option:-
> a.	The new option includes a flag indicating whether the error condition is permanent or temporary, and a field with the "MP_TCPRST Reason Code", which indicates why the TCP RST is being sent. 
> b.	The receiving host MAY use this information to decide, for example, whether it tries to re-establish the subflow immediately, later, or never.
> c.	IANA is requested to create a further sub-registry with the "MP_TCPRST Reason Codes". 
> 8.	The MP_PRIO option, which is used to signal a change of priority for a subflow, no longer includes the AddrID field. Its purpose was to allow the changed priority to be  applied on a subflow other than the one it was sent on. However, it has been realised that this could be used by a man-in-the-middle to divert all traffic on to its own path, and this is an easy attack since MP_PRIO does not include a token or other security mechanism. The issue was discussed at IETF-99 and since no implementer was known to use the address identifier on MP-PRIO, it was agreed that the best approach was to remove it.
> 9.	The ADD_ADDR option, which is used to inform the other host about another potential address, is different in several ways:
> a.	It now includes an HMAC of the added address. This is for enhanced security. The RFC6824 procedure for adding an address is open to an attack where an off-path attacker creates a spoofed ADD_ADDR that enables it to hijack an MPTCP-enabled connection. Including an HMAC in the ADD_ADDR message makes it as secure as MP_JOIN. 
> b.	This was the primary driver for incrementing the version number. This was first discussed at an interim meeting in 2015 and subsequently at IETF-96. The WG consensus was that this approach was better than incorporating an alternative add address mechanism within an enhanced version 0 of the protocol. The problem and solution is discussed further in RFC7430.
> c.	Reliability for the ADD_ADDR option. The IPVer field is replaced with a flag field (the IP version field was not useful, since it is known anyway), and one flag is assigned (E) which is used as an 'Echo' so a host can indicate that it has received the option. Hence this provides reliability for the ADD_ADDR option. 
> 10.	An additional way of performing a Fast Close is described. The host sends a RST containing the MPT_FASTCLOSE option on all subflows. This allows the host to tear down the subflows and the connection immediately. 
> 11.	In the IANA registry a new MPTCP subtype option, MP_EXPERIMENTAL, is Reserved for private experiments. However, the document doesn't define how to use the subtype option. 
> 12.	A new Appendix discusses the usage of both the MPTCP and TCP Fast Open on the same packet. The two main issues are discussed: 
> a.	The potential lack of enough option space in a TCP packet. This is more likely to be an issue on the SYN+ACK packet, and the suggestion is to use a shorter TFO cookie if necessary.
> b.	A potential problem with data sequence mapping under some circumstances. The suggestion is that the TFO data is not considered part of the Data Sequence Number space.
> 
> -----Original Message-----
> From: Eardley,PL,Philip,TUD1 R 
> Sent: 04 July 2018 08:31
> To: 'multipathtcp@ietf.org' <multipathtcp@ietf.org>
> Subject: RE: WG Last Call for draft-ietf-mptcp-rfc6824bis
> 
> We urgently need your comments about this document. 
> 
> It's been in WG last call for just on 4 weeks, but I think the only comments so far are from the WG chairs - clearly we need more comments before the document can advance. We'd like to discuss and close issues before or during the IETF.
> 
> So please can you dedicate some time to checking the document.
> 
> Thanks,
> Phil & Yoshi
> 
> -----Original Message-----
> From: Eardley,PL,Philip,TUD1 R 
> Sent: 26 June 2018 08:33
> To: multipathtcp@ietf.org
> Subject: RE: WG Last Call for draft-ietf-mptcp-rfc6824bis
> 
> Hi,
> Just a reminder about the WGLC for the protocol bis. Please send comments, Thanks!
> Phil & Yoshi
> 
> -----Original Message-----
> From: multipathtcp [mailto:multipathtcp-bounces@ietf.org] On Behalf Of philip.eardley@bt.com
> Sent: 05 June 2018 12:21
> To: multipathtcp@ietf.org
> Subject: Re: [multipathtcp] WG Last Call for draft-ietf-mptcp-rfc6824bis
> 
> As a reminder, this document Obsoletes: 6824 (if approved) and its Intended status is Standards Track.
> 
> As well as suggested changes or edits, positive review comments ("It's ready") are also very valuable. 
> 
> -----Original Message-----
> From: multipathtcp [mailto:multipathtcp-bounces@ietf.org] On Behalf Of philip.eardley@bt.com
> Sent: 05 June 2018 09:14
> To: multipathtcp@ietf.org
> Subject: [multipathtcp] WG Last Call for draft-ietf-mptcp-rfc6824bis
> 
> This starts a WG Last Call for draft-ietf-mptcp-rfc6824bis. Please send comments by the end of June. 
> 
> Please note there are three IPR disclosures (we're working on getting them added to the rfc6824bis page): 
> 
> * two are inherited from RFC6824  https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-ietf-mptcp-multiaddressed    
> * one is inherited from draft-paasch-mptcp-syncookies (which got include in rfc6824bis) https://datatracker.ietf.org/ipr/2678/ 
> 
> Thanks,
> Phil & Yoshi
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp
> 
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp
> 
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp

v2.23.0 | Report a Bug | By Email