IETF Logo Mail Archive

Re: [tcpm] Updated version of draft-ietf-tcpm-converters-05

<mohamed.boucadair@orange.com> Wed, 27 February 2019 09:41 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 368F4130EFE for <tcpm@ietfa.amsl.com>; Wed, 27 Feb 2019 01:41:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tH1E7bGIDmvs for <tcpm@ietfa.amsl.com>; Wed, 27 Feb 2019 01:41:25 -0800 (PST)
Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80598130EDE for <tcpm@ietf.org>; Wed, 27 Feb 2019 01:41:25 -0800 (PST)
Received: from opfednr00.francetelecom.fr (unknown [xx.xx.xx.64]) by opfednr22.francetelecom.fr (ESMTP service) with ESMTP id 448W0M4Xdtz10Db; Wed, 27 Feb 2019 10:41:23 +0100 (CET)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.89]) by opfednr00.francetelecom.fr (ESMTP service) with ESMTP id 448W0M3gwrzDq7h; Wed, 27 Feb 2019 10:41:23 +0100 (CET)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM44.corporate.adroot.infra.ftgroup ([fe80::e8a4:8bb:d7c2:f4e2%21]) with mapi id 14.03.0435.000; Wed, 27 Feb 2019 10:41:23 +0100
From: mohamed.boucadair@orange.com
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
CC: "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: [tcpm] Updated version of draft-ietf-tcpm-converters-05
Thread-Index: AQHUznxbNIRNw64+R0auIjslADG3PqXzYqQw
Date: Wed, 27 Feb 2019 09:41:23 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA25F61@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <9DD59801-36CE-407E-98F0-0BB1AAD514A7@tessares.net> <CAO249yc-eHAnOR7XfemQyJB+UVjmdtt43oZs+xJa=inZBBgp2w@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EA2273F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249ycs3grfmcaVJem-swoAWMAU_boOc5csY-ZjWn5S8m0F5w@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EA23CC3@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B93302EA24AC5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249yeALw7PJnKxkLVMr2q4-qeB_-fMwc7HW+3f-mX-s+RQag@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EA25443@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249ydNzjkpxogU+1RNY-_aOa6XGMu7J-zmfv0NGcjFF3u9Ag@mail.gmail.com>
In-Reply-To: <CAO249ydNzjkpxogU+1RNY-_aOa6XGMu7J-zmfv0NGcjFF3u9Ag@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B93302EA25F61OPEXCAUBMA2corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/rsXlIIXr7Sk9QjhN-LSz22jp8ZU>
Subject: Re: [tcpm] Updated version of draft-ietf-tcpm-converters-05
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 09:41:28 -0000

Hi Yoshi,

Please see inline.

Cheers,
Med

De : Yoshifumi Nishida [mailto:nishida@sfc.wide.ad.jp]
Envoyé : mercredi 27 février 2019 10:10
À : BOUCADAIR Mohamed TGI/OLN
Cc : Yoshifumi Nishida; tcpm@ietf.org
Objet : Re: [tcpm] Updated version of draft-ietf-tcpm-converters-05

Hi Med,

I put my comments,

On Mon, Feb 25, 2019 at 10:42 PM <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>> wrote:

De : Yoshifumi Nishida [mailto:nishida@sfc.wide.ad.jp<mailto:nishida@sfc.wide.ad.jp>]
Envoyé : lundi 25 février 2019 19:35
À : BOUCADAIR Mohamed TGI/OLN
Cc : Yoshifumi Nishida; tcpm@ietf.org<mailto:tcpm@ietf.org>
Objet : Re: [tcpm] Updated version of draft-ietf-tcpm-converters-05

Hi Med,

Thanks for the updates. I have one question.
When the converter does mptcp conversion and the client wants to use TLS for the connection, how TLS is used?

[Med] TLS is managed e2e between the client and the server. The converter can only read/strip data that is supplied by the client for the conversion service. Unlike data exchanged between the client and the server, the data used for conversion purposes is supplied in clear between the client and the converter.

From a functional standpoint, the establishment of TLS between the client and the server is similar to the establishment of such session when a NAT/NAT6 is on-path.

Yes, when the converter does non-mptcp conversion, I think the above texts are correct.
[Med] If it is OK for simple TCP, then it should be OK for MPTCP:

·         Subflows are externally seen as simple TCP connections.

·         MPTCP glue is at the TCP level.

·         The establishment of TLS between the client/server is done using the initial subflow.

·         The same external IP address is used by the converter for all subflows of a given MPTCP connection.

  Does this means TLS will be used only between the converter and the server, but not used between the client and the converter?
[Med] No. TLS is managed directly between the client and the converter. The scope is as follows:

In my understanding, in case of mptcp + TLS case, I think it should be (A) architecture.
To be precise, it will be like this.

C------Converter-----S
<========><==========>
<========>
<========>
<========>
   TLS        TLS

So, I think it means mptcp + TLS case is out of focus for this draft. (which is fine with me.)

[Med] This is out of scope.

Or, you can make a special exception to break end-to-end principle in this case.
But, I think it would be good if the draft clarifies this point.

[Med] We added this NEW text: ““It is out of scope of this document to elaborate on considerations related to the use of TLS in the Client-Converter connection leg to exchange conversion-supplied data”

v2.23.0 | Report a Bug | By Email