Re: [tcpm] Updated version of draft-ietf-tcpm-converters-05
Olivier Bonaventure <olivier.bonaventure@tessares.net> Fri, 22 February 2019 10:43 UTC
Return-Path: <olivier.bonaventure@tessares.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD07F1277CC for <tcpm@ietfa.amsl.com>; Fri, 22 Feb 2019 02:43:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.178
X-Spam-Level:
X-Spam-Status: No, score=-1.178 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tessares-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmCruyKnHVOj for <tcpm@ietfa.amsl.com>; Fri, 22 Feb 2019 02:42:59 -0800 (PST)
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF673124BF6 for <tcpm@ietf.org>; Fri, 22 Feb 2019 02:42:58 -0800 (PST)
Received: by mail-wm1-x32b.google.com with SMTP id e74so1498241wmg.3 for <tcpm@ietf.org>; Fri, 22 Feb 2019 02:42:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares-net.20150623.gappssmtp.com; s=20150623; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to:content-transfer-encoding; bh=a3dev++QJX8LNVP7oTlYRy8wV/pe8/mmmmYbpqAl7z0=; b=zx90R3nsttjfza3kdarmCIhTmM77bkVzUE4gXvfnhzvElmKPnuy68mdpqGd2hA57Fp fTyF2VeUIhnLl+haXewgcTx9FBLUc45ZBjbiJfvKJeYVgC5ljl92OvQxLZ6oJsxDqKKr Xj3W34IEYkfi4rnX5ifscOWU3AVCEcEw3ONZGiOcUROO0VnqvrmLewHlPKRhmmf9ocJ5 xaIOr/T9H77bAgxlSz6k1y5dU4XwUqFvAik6EWpxF1VIkCsSLRVNkAegxowd0xEHvigv c55hK9R/3jt4NyeMyJm4uux/NnRtiJDtpmXo7yk3VpxF0hFAIX/aaAMxEtY8YMulh+pU DN4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to:content-transfer-encoding; bh=a3dev++QJX8LNVP7oTlYRy8wV/pe8/mmmmYbpqAl7z0=; b=D9ACDDu4+j5QvvKPtuD4YNXEQpjM8y3Dn19ZeN7HV1bsBp4rEK9Vu8jg2XtedKOUg2 jOh1TKSq4UntY1urSeyvHSgc5YSt+o1uhmPKSQP/1Natkc7G0Gj0GLaqcwMLrvEVg6qU MEge9CYcr4NwWy80cMEUWFZ6FI81BNiEPhaEi7SUPJCN4BCRn7JX2A+aGh4bHRGmJAGZ avG2AiIqsCXKbf6MWUpj5xzg7IK1pR81GqPXDfRg2pjFvQWTI/IkiaRPbzMT5OCh6YwS gJ1UgPMwJDHmEmg2tXKYF/AMt5Uq5EXY+e5TdhW4/bZZsv6HwLK/qZ0Ib8+hi05hjNY0 PxcQ==
X-Gm-Message-State: AHQUAuYXrSwKINpJzSEkxrOIeYK5WfC2PvwIJBdiJNLYWXk2Y2jnks6N obt5cL8DXm0KvtZyQMUI+2CXm8quORbGslhr0i0rRvxru0Xr1Tq7eeZGCAmEuK+tVvUpEmvG
X-Google-Smtp-Source: AHgI3IYAnPfKZ4wYIamH6aGAwfqbIpPjjyvV5XV7Bpy4N7tHuWbPehYI/vTJTmxcDgZo66jF26/QWA==
X-Received: by 2002:a7b:c214:: with SMTP id x20mr1952962wmi.62.1550832176830; Fri, 22 Feb 2019 02:42:56 -0800 (PST)
Received: from [10.44.66.8] (hag0-main.tessares.net. [87.98.252.165]) by smtp.gmail.com with ESMTPSA id w10sm943386wru.5.2019.02.22.02.42.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Feb 2019 02:42:55 -0800 (PST)
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
X-Apple-Auto-Saved: 1
X-Apple-Mail-Remote-Attachments: NO
From: Olivier Bonaventure <olivier.bonaventure@tessares.net>
X-Apple-Base-Url: x-msg://96/
In-Reply-To: <CAO249ycs3grfmcaVJem-swoAWMAU_boOc5csY-ZjWn5S8m0F5w@mail.gmail.com>
X-Apple-Windows-Friendly: 1
Date: Fri, 22 Feb 2019 10:37:13 +0100
Cc: mohamed.boucadair@orange.com, "tcpm@ietf.org" <tcpm@ietf.org>
X-Apple-Mail-Signature: SKIP_SIGNATURE
Message-Id: <C22A52DE-6666-44CF-B2F0-8BBA8A4D056F@tessares.net>
References: <9DD59801-36CE-407E-98F0-0BB1AAD514A7@tessares.net> <CAO249yc-eHAnOR7XfemQyJB+UVjmdtt43oZs+xJa=inZBBgp2w@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EA2273F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249ycs3grfmcaVJem-swoAWMAU_boOc5csY-ZjWn5S8m0F5w@mail.gmail.com>
X-Uniform-Type-Identifier: com.apple.mail-draft
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
X-Mailer: Apple Mail (2.3445.102.3)
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/qVKxLbU-npQecoTNDsyMb5P6Zyc>
Subject: Re: [tcpm] Updated version of draft-ietf-tcpm-converters-05
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 10:43:02 -0000
I just thought that it might be good if we can be a bit more specific about what is not trying to solve.For example, in my understanding, these are not supported in this draft. (BTW, I think this is good thing.)1: servers do not initiate connection to converters
2: don't support "server has feature X, but client doesn't" cases
3: clients don't directly send SYNs to server when they need converter. (no transparent mode)By limiting the focus, I thought we can avoid having lengthy discussions on nasty corner cases.
We can discuss more complex architecture in future versions after we see this idea works well
3: I am not sure how TLS works when converter does mptcp conversions.
When a client have multiple subflows to a mptcp converter and use TLS for all subflows, can we establish an end-to-end TLS session between the client and the server?
[Med] Establishing an e2e TLS connection in the presence of a converter is similar to establishing such session in the presence of CGNs. This is already captured in the draft:
Similar to address sharing mechanisms, the architecture does not
interfere with end-to-end TLS connections [https://tools.ietf.org/html/rfc8446" title='"The Transport Layer Security (TLS) Protocol Version 1.3"' target="_blank" class="" rel="nofollow">RFC8446] between theClient and the Server (Figure 3).
Do you see a specific problem?
Please let me explain a bit more and point it out if I miss something.In case of mptcp converter, I think the connection will be like the below.1: client and converter establishes a mptcp session and it has multiple subflows. (say, subflows are s1, s2, .. s5)2: converter and server establish a single tcp connection. (say r1)Now, if all s1 from s5 use TLS for their connections and we want to use TLS for r1 as well, I think the converter will need to decrypt the payloads in s1 .. s5 and encrypt them for r1.But, this will mean that TLS session is separated by the converter.
- [tcpm] Updated version of draft-ietf-tcpm-convert… Olivier Bonaventure
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Olivier Bonaventure
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Olivier Bonaventure
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Scharf, Michael
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Scharf, Michael
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Scharf, Michael
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Scharf, Michael
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… Yoshifumi Nishida
- Re: [tcpm] Updated version of draft-ietf-tcpm-con… mohamed.boucadair