[tsvwg] First review of draft-ietf-tsvwg-multipath-dccp-09
Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be> Tue, 18 July 2023 09:42 UTC
Return-Path: <olivier.bonaventure@uclouvain.be>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6731FC151094; Tue, 18 Jul 2023 02:42:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uclouvain.be
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 650BnKXG-Xjq; Tue, 18 Jul 2023 02:42:07 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on2123.outbound.protection.outlook.com [40.107.15.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAE6FC15107D; Tue, 18 Jul 2023 02:42:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IA5b+i466Ladq8+B1RV0unbuC+kBz2Pi42pLYO5Rq1yiQNHDbU60dja0FiutyzP6dmUp6nS3mcUXahqd7piYYQCw4sQngzDYbpINX/TDhNIz1J5jTSnaHc7RfhsgsDLjtV4C6TbqQJs7BKPhcCzIJKkAILhNsMuu3vn5qSn4IVGxnvAIcUPiASOWKM33W73GawIvG+cxCWTiBpDfNR6y5RUYc/uav6aycLzkAyiTcTfSnJquYeyMPL0wpIXZ8/fidZQCP+rnI2aa2QABitRXRAdeScaQIu2PbE2WHQhGGKzGM1Wx9Cirgw+n1yc/qSjAYHRTTdyoms8AevJW3eqghg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Fis6uMFBLoUHuuPUtIE92nhlX0e+xWX5rpRTGESwW1w=; b=T/ddeK9bxm9Kj2DMZVBipaF1goTibHinmAK0/ToA7zILoBrocgvQxryOn82w/H84Jq5ZY2sDBFmzgGeBDSFUJzOTqVMX8oRif2iXZpI25UgvFdUXyV2DdUSZAKsvUTsXQKu241TOgC5CVruy/FZN/Lhlp7BLp20UyqDB19isOLY991ixxUqWJtEe1RNxhd25k+MqNpguGx8miAq6qkkFxiqHd3iBXVQMpblBp/ROOW2mPTdGPPPfgilUTdJE3XsP5KRylaWbH5AsgKP4Zu9BQeagOFAGrsG+a7Xze21DqAT2mBb2oustFH0b1KUhYXQt6njUepaI/wgSvp1m4iG5Jg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uclouvain.be; dmarc=pass action=none header.from=uclouvain.be; dkim=pass header.d=uclouvain.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uclouvain.be; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Fis6uMFBLoUHuuPUtIE92nhlX0e+xWX5rpRTGESwW1w=; b=M+jcbkStqfiEp7FTvbHxb71sz8IygRRNbsWi9fZtLHe4mHprCaZnGbTYDuW4G7qgfHAdeSDvtfueQtTRJWIpGyX/zEgdmRblU1Wup3mrwLLguDV0dGoFKP9I/ecImluihWG7L+ZEWBG5XDlpHr+JvVfRvFDDKFW6JWsjwt8y/fl3IwgdL1buYX6RajLfDbot4PYlBgJ2vaM7VY465gd/SnONXxyvV6FB1ArS/fWwTtIA3o6isuukH+eZfEGsHm6FY2wRE+Yr4dDPP08thvSlyz43CrXw8SmLrAOU9A3oljOfX1qtCa4SxhGKLl0p8eT/LVQgFN51AT58pPAdBSeXGQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uclouvain.be;
Received: from AM7PR03MB6642.eurprd03.prod.outlook.com (2603:10a6:20b:1bf::6) by DU0PR03MB8366.eurprd03.prod.outlook.com (2603:10a6:10:3be::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6588.31; Tue, 18 Jul 2023 09:42:04 +0000
Received: from AM7PR03MB6642.eurprd03.prod.outlook.com ([fe80::40fc:a8d1:42f8:26ff]) by AM7PR03MB6642.eurprd03.prod.outlook.com ([fe80::40fc:a8d1:42f8:26ff%3]) with mapi id 15.20.6588.031; Tue, 18 Jul 2023 09:42:04 +0000
Message-ID: <ff080370-9c5c-2843-fad0-3b758fe8262f@uclouvain.be>
Date: Tue, 18 Jul 2023 11:42:03 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.13.0
Reply-To: Olivier.Bonaventure@uclouvain.be
Content-Language: en-US
To: draft-ietf-tsvwg-multipath-dccp@ietf.org
Cc: tsvwg@ietf.org
From: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: AM0PR06CA0133.eurprd06.prod.outlook.com (2603:10a6:208:ab::38) To AM7PR03MB6642.eurprd03.prod.outlook.com (2603:10a6:20b:1bf::6)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM7PR03MB6642:EE_|DU0PR03MB8366:EE_
X-MS-Office365-Filtering-Correlation-Id: 715cfa46-11d3-424e-08a6-08db87733e4c
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: xsbZJmGqIwWKPxQlMhqfTOoDaK5jRSlSW54cFzkfU9L5J5l2lwy0bCtNr1tSG0M8F035BRSz8DkVnT21TM1ISu4K8sVVvcdeThvX9IKgqSGuKt+loEUbMbqaS2OqiOShBn25JRpGhF3gAPitxh2nZV6ZEW24MQE59zRHq2nvquh/XTayrQ0D78ZMcSlTUqBl0iVp0Y1sslSmeA0xdKj6rqkgrPOOwCB7TaZYjGAj5lsr1Q05xNEPmDqcxvb9yk50zfpuFMfyHM1M2z7RRoDV6ULnFNjejx2f7M2raCywIU8/i45y8eoRgCmMzwyFHbh76p43MuyEqL0w/64s18cB1sozTZuvmBg7UTsLL02pt0d/LtIwDH0ttmGQ67wRV/MY6rwCQ6o+CdwqynmPZBDDE3il5rkfp7DJnuKTTJt6KUnftw4gkMT4/QmCrMBX3vsGIxFYUW6KjGifge75xk9HVj6ZPrdafXD/a74BOdc2yFXGMqdLaOfYJlDzyMk+Rd0Vwq3mX6m6bxQLFScwPNMrEdHILOj7CxhE1yRzAB15YrBuP+SzVSraHBRCyLBwijCZ7STJFyVJ/Y+MjK9zuZXey8b6UIHrNa9Spwyl9NKKxr1FM8vVq8hYxMnJkHRpjc6pCecQDVL9FqO0OC8e674fAA==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR03MB6642.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(396003)(346002)(136003)(39860400002)(366004)(376002)(451199021)(31686004)(66899021)(2906002)(478600001)(6486002)(52116002)(8676002)(8936002)(450100002)(3450700001)(66556008)(36756003)(41300700001)(66476007)(316002)(786003)(4326008)(66946007)(6916009)(83380400001)(86362001)(38100700002)(6512007)(5660300002)(31696002)(2616005)(186003)(6506007)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: PqjNysigGHC85M6qWNPG7Jtj4HpWtEKOhUYktutZsmaZGtVpLWGUR9XRcbEoe8np6NFgYLUq/GI0ZpkUgSk81R4+ezkbERiOYFMc7RDNS/7wR4eQgRH6EOk3FyYhWbgDn2p+AjQveLkN100cX3OR7mKpEPssSdaufizO+WSEggwzr3YbHurVrr/4s164eeaYa/IcPGgmPpLS3WjA9dpemM062fEwZ9fJpvkUxkYZq2bZCI/S5MHBw9fqdXOnzwEdhSvBo6NfSeofUGqsVmyEpaOBnRMC/PA85ik7IdiyWrlXoaf5K8g8RuFkZCuZeymEbgfi7YnqIxFa0rE174zgDPh4I2D0gZ+md1SV7IaXdQNpztq3Z9UjNYiaxB4gVZsAvuf2YPGZdurGIjt/1scoDyn6tV1978fkRerWzkB5Gj0lnAKcEgbrv6BT+QCtIqE3QaRr2RoeVARhLgGkaqcuKNJYjPfvIyuxSC89hmR5mgEgGW5FqJGPpMXjYM9A0ZvgFArMyGNatQnHrkhg2nxYCSi8//sGhhuL4RpgNZ3C9WDpPjQfqkhKhMHSx7iC4go2dQgCCgl41ryiGYr8+TIqZTwhYikhdI0DGOiZNo8FW/V9R0mwTlQkCH9iX0q6mbeUE7Cs2yY1raM9eYBHSSDS5Dxv8PH8FBbdSg0wx6mCjvQQrMiERn2aJH/TM2F9R+503sLReCLO9bVFs4KuTP8MNzEA3GWmjqC7zQsv+EUpjiiOAcKFedpoHWeX6ikXU2vo3gGSw49Tq/TubUGHUsxSyUwAfFpbrNIaJxPemvo2pGTvooyEO1DnkwGeBsbMXLQ7qBEdyHTu4QH2vDODHKi0kaGcZ31bQo1QXEqGRG74CVb0N4UZhluS/LHBFZ0oGl7r6Zypk2yrH2WPWMF9RoRcUwvfKc3yON0AbTQmZ6kY6nAsBklsXksyxI1+RYf7C1B4trOFmeOEqWYm/rPpnnP9vtNgfxmGK4F1GEaInU+BrNPacn2MnSFGbAOazjfXR5FX9JWyyS1Z/RABVvSJ7HespPVNV3YCo5NNK5uejdbhTJl0Jrc14zMeJJYe27P04JLOsWM8mXM8B1+oT0OdilgFtjQmZ22TZE2+xD5LSLFOTm3+FV1WsdzhjQD0rAovAcIbmhBcR6mVPQVZXuImoOxHl7Q3x8QND9i1/t6IZwNKMkEon6DgbygDPZx9ZaRC7MiTR+wxm5JDv2+nU99Yj8wJW9GG2bfDmoV42YYz9S5H39mf6PoE75KE9mWzmprXONNTjrNHfFlovSq6JR5w2EMCvz1yMo244xgIauqBE+T6QKJHFhgAFhp2XRBLAsRfTHhVN/+wvy2/LNZERMp54B1mXeckVbi6QF3H04gmbr52QyN6pxgqWLkbC3NbAlhfIOkxnBHS3ZaroUqKu+mBHglS2lxN1O9/ekVe7WKxsaKrrlh0KoB5cFuIFS20QPtXYMkh7076r1mndTDxShVKBYBxco+jfbYW9RCcvBP+KSmdK0cgDz/SQQWqUrDl5BR8EnS+WbR37ndz61xiIVBVPnX0tUoxb7/ndEKluFote4z82q2niapCN0ujX6ko9skIiY8pt+8c8MJq7fNjqG7ayr6iO5j/uPTkunAtWZi0M+0dxvk18DGRs1HL68qSteCz7tl2T1IglnU9Jqw2NoX7dOdBpf9KOkGVR6VAie6DBEJRfOw=
X-OriginatorOrg: uclouvain.be
X-MS-Exchange-CrossTenant-Network-Message-Id: 715cfa46-11d3-424e-08a6-08db87733e4c
X-MS-Exchange-CrossTenant-AuthSource: AM7PR03MB6642.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Jul 2023 09:42:03.9921 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 7ab090d4-fa2e-4ecf-bc7c-4127b4d582ec
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: nJpx1H87aW3Ci7PY6Y60ofZkmGHtlz2HDFdYx+AR3yQMc+3CRyFc2hdzsjXK9IJlY7UnFY91kxQh7tXWD01aGbLGGTRN+VA1xfffeieBFTZuRmsQ3LFSQcD+ye60UByo
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR03MB8366
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/T-9P8iVoU5i89VK9QJXnOG_IsL4>
Subject: [tsvwg] First review of draft-ietf-tsvwg-multipath-dccp-09
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2023 09:42:11 -0000
Hello, As requested by Markus and Gorry, I did a first review of draft-ietf-tsvwg-multipath-dccp-09. I'm not involved in any implementation effort for MPDCCP and my review is independant of implementation considerations. It would be interesting to have reviews from implementors who are no co-authors of the draft. The proposed multipath extension uses several of the techniques included in Multipath TCP. This choice has advantages (Multipath TCP is known and works) but also drawbacks (the constraints on Multipath TCP are different than the constraints on DCCP). I will start my review with the high level design choices and then will discuss the organisation of the document and then more minor details. Note that I will be offline until mid-August and won't be able to immediately respond if you react to this email. Best regards, Olivier High level design choices ------------------------- MPDCCP uses subflows like MPTCP and HMAC to authenticate addresses. My first concern is the utilization of the Token in MPDCCP which is derived from the keys exchanges during the handshake. This design was required in MPTCP because there was no space in the extended SYN header to carry a connection identifier. In MPTCP, this forces the server to check for hash collissions when generating keys. There is no need to included this complexity in MPDCCP. MPDCCP would be clearer and probably easier to implement with a connection identifier that is selected by the host that receives MP_JOIN requests and could be exchanged durign the second phase of the handshake for example. My second concern is the utilization of a single Multipath option. In MPTCP, this was required to deal with middleboxes. I'm not sure that there are middleboxes that understand DCCP and interfere with it. The draft does not clearly specify how the sub-options can be used and whether there is an ordering of the different options. For example, to advertise an address, the DCCP packet must contain MP_SEQ, MP_ADDR and MP_HMAC, but the ordering of the options is not strictly defined. The difficulty comes when a single packet contains several MP_ADDR, MP_PRIO and other types of options that require confirmation. The semantics of the confirmation of some options is not clearly defined. My suggestion would be to use options that contain all the required information, i.e. sequence, address and HMAC for MP_ADDR. This would simplify the processing of the option and reduces the error cases that a receiver would need to handle (imagine a fuzzer that creates MPDCCP options in any order, the receiver needs to handle them correctly). Another concern with the confirmed options is whether the acknowledgements are for individual options or cumulative (i.e. ack 123 acks 121, 122 and 123) ? The wrap of the MP_SEQ sequence number also needs to be defined in the text. What happens when a host sends 3 options that require confirmation, but the first and the second are lost. Do they need to be delivered in sequence at the peer, do we need to wait for retransmissions ? What happens if a retransmission is lost several times, is there a risk of deadlock ? The document defines several types of keys, including ECDH keys. However, if Diffie Hellman keys are used, it should clearly indicate that these keys are not authenticated and thus an on-path middlebox could do a MITM on the MPDCCP connection. Document organisation --------------------- Section 2 should be expanded to provide a high level overview of the operation of the protocol. There are parts in sections 3.3, 3.4, 3.5 that are required to understand the discussion in 3.2. The document should probably define more precisely the state that a DCCP implementation should maintain on a per connection or pet path basis and how the different multipath options affect this state (in particular whether the state is modified when an option is sent bot not yet confirmed and what happens when options are received out-of-sequence) Although the document insists on compatibility with existing DCCP applications, I'm not aware of widespread dccp applications. It could be useful to have a companion document that describes sample mpdccp implementations. Minor details ------------- Abstract I would not place references in an abstract Introduction It would make sense to compare MPQUIC also in the introduction. MPQUIC supports streams and datagrams and progresses well within the IETF with several implementations and interoperability tests planned. MPQUIC is also planned for ATSSSv2 1.3 I would suggest to allow mpdccp to support a limit in the number of subflows that a host can support. MPTCP does not directly provide this, but MPQCUI does this by allocating CIDs. MPDCCP could at least have an error message that indicates that there are too may subflows. An implementation cannot easily support an unlimited number of subflows and this has security implications. 2. First para, I would not use the term subflo here 3.1 The document discusses the possibility of having different versions of MPDCCP, but it is not clear which version is specified by the document. Is it version 0 ? Is so, then let's stick to version 0 and explain how version 1 could be defined and negotiated. Figure 4 is miselading for me. 3.2.1 The word dataset is unclear and not defined. You might define the abstract state that a MPDCCP implementation should support The semantics of the confirmation of messages needs to be clearly defined. The para "The length of the MP_CONFIRM ... MP_ADDADDR." is unclear MP_SEQ is maintained per connection and not per path. Is it used for reordering of data packets or only for control packets ? Please specify how sequence number wraps For MP_ADDADDR, you might explain that each host maintains a list of unique address identifiers and that it manages them as it wishes. 3.2.3 The MPDCPP connection stays alive at the data level when a subflow is closes, but for how long ? FAST_CLOSE must be received on all subflows. What happens is FAST_CLOSE is not received on one subflow. In MPTCP, the FAST_CLOSE operation was defined this way to cope with middleboxes that track RST, this might not be required here The last two paras of this section are unclear 3.2.4 Does a host needs to support all these key mechanisms ? 3.2.6 This version of MPDCCP only defines one HMAC based on SHA-256. If SHA256 gets deprecated for any reason, would this require a new version of MPDCCP ? I would suggest to add some pseudocode to clarify how the data from the options is processed. Please also indicate that you use the network order representation of the addresses 3.2.7 The period and the rtt smoothing algorithms are unclear. Are they part of the CID ? assuming a packet lost after path_delta/2 ignores jitter 3.2.8 An on-path middlebox can extract the keys used by the hosts as in MPTCP. This should be discussed in the middlebox section because this could have an impact if one day MPDCCP mbox are designed 3.3 What is the motivation for sending key-A and key-B in the second phase of the handshake ? 3.8 If MPDCCP uses the minimum MPS accross all paths, there is a risk that an on-path attack on one path forces the utilization of very small packets on all paths. MPDCCP should be able to detect this attack and drop paths with a too low MPS
- [tsvwg] First review of draft-ietf-tsvwg-multipat… Olivier Bonaventure