[secdir] secdir review of draft-ietf-mptcp-attacks-02

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 23 October 2014 16:01 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 6A05C1ACD2B; Thu, 23 Oct 2014 09:01:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id sOQkFh0kHUIT; Thu, 23 Oct 2014 09:01:19 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94FC61ACCF0; Thu, 23 Oct 2014 09:01:18 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id ge10so1121084lab.38 for <multiple recipients>; Thu, 23 Oct 2014 09:01:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=zlntVKiQxjSl4DavJmyJ4w+QIhXysrZG1D/Y3Qpvpl8=; b=GDekosbAtaUFK9feZC5LO+ppM/QSSUtp0c010Nk+aoiyznLA+WRuaOm97qfup9IPSy kiuRQmgq764dkiYFdS1yz6nERAtVgMHYxFWk1O5fJM4kgyzUfFmQPCwFTBFBLT5ElQZJ SlYBYEC2ZFtNyz5euzlRjiNq/4ziNDJ3EDIoRSNSng3DsyPQL/g3XHv5qSp8+tFNGPM7 5oDzNHnaeezgwTN5FyNkq21SAIuw0BbkzGhrhpKiagF6oBdNMXfmdPsE1oVKyM4l/Qbc oY2mza2Tqnc1I23wDZ9knhv2V2MAB+LFZ1aTKVb2h7f1MRoaoo0x5M2/fMo3vkLh1+FS 8YFg==
MIME-Version: 1.0
X-Received: by with SMTP id h8mr4376271lbo.91.1414080076395; Thu, 23 Oct 2014 09:01:16 -0700 (PDT)
Sender: hallam@gmail.com
Received: by with HTTP; Thu, 23 Oct 2014 09:01:16 -0700 (PDT)
Date: Thu, 23 Oct 2014 12:01:16 -0400
X-Google-Sender-Auth: WhaX_erWm1w5IN_-wDFDqGZ0enY
Message-ID: <CAMm+Lwi6VAT6jjX6r4v=k6gem0pN3mSsMKpHC2o3mPCQmXB-fw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: draft-ietf-mptcp-attacks.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Content-Type: multipart/alternative; boundary="001a113365eca33bd40506192ca5"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/CyaFMlYZ-tC_owM78Y9okpNordI
Subject: [secdir] secdir review of draft-ietf-mptcp-attacks-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Oct 2014 16:01:20 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Top level: this is a core security document and requires detailed review by
the security area ADs.

Given the time constraints and the fact that this is a document describing
security options for an experimental protocol, I have not considered the
attacks or possible solutions in detail yet.

One general point is that the security model should explain what is
considered to be a security failure with a little more precision. Since
this is a transport layer protocol that does transport, end-to-end
confidentiality and integrity protections are more properly considered in
an above transport/below application layer protocol such as TLS.

The attacks that would be very damaging to multipath are attacks that
disrupt the channel in ways that the end-to-end component can't recover

Some nits:


HMAC is frequently used where MAC is the correct term of art. HMAC is one
construction of a MAC based on a hash function. This is quite likely not
the optimum technique for a protocol at this layer where AES acceleration
hardware is usually available and SHA-2/3 hardware is not. Moreover the MAC
approaches are much more efficient even in software as they can be streamed.

Section 1:

   o  Off-path attacker.  This is an attacker that does not need to be
      located in any of the paths of the MPTCP session at any point in
      time during the lifetime of the MPTCP session.  This means that
      the Off-path attacker cannot eavesdrop any of the packets of the
      MPTCP session.

Having singled out the type of attacks that can't be made, the attacks that
can should be mentioned as well. Or better still, state that the attacks
are limited to active attacks.

Since the attack classification is referenced in the attacker
classification, better to describe the attacks first.