Brian E Carpenter <[email protected]> wrote:
>> > MPTCP adds an additional TCP flow but for the application that still
>> > looks like one flow. As I said I’m not sure if that is what you want.
>>
>> I think that this might be exactly what the application might want.
>> As stable-connectivity doesn't detail the requirements of the application,
>> the point of this section is to point out that the bandwidth limitations of
>> the ACP need not be a constraint when the network is healthy.
>
> But that ducks the security issue. I don't think that's OK. Since the ACP
> secures connections *below* TCP and MPTCP allows paths that bypass the ACP,
> this is a security hole you can drive a large truck through.

Yes, AFAIK, MPTCP doesn't just appear without awareness of the application.
Use of MPTCP implies application layer security if there are non-ACP paths.
I think that 95% of ASAs will live in a container/network-namespace/VRF that
sees ACP interfaces only. Those that do not need to take care anyway.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
