On Thu, Nov 06, 2014 at 08:42:52AM +0100, Olivier Bonaventure wrote:
>
> In addition to the three drafts that are currently discussed, I have
> submitted to the MPTCP working group a draft that explores how TLS and MPTCP
> could be integrated together. This is another design point that might be of
> interest for this working group as well. Several of the features included in
> MPTCP to support multiple paths are also very useful to deal with packet
> injection attacks, which is one of the elements of the discussion on whether
> the header should be protected.
>
> The first version of this draft is available at :
>
> http://www.ietf.org/internet-drafts/draft-bonaventure-mptcp-tls-00.txt
>
>
> Comments are more than welcome

Some quick comments:

- MPTCP AFAIK mostly runs in kernelspace, so using TLS seems pretty complex
  (I hope one doesn't have to fish anything out of certificates, since those
  are ASN.1).
- Using TLS opportunistically is insecure without session_hash extension
  (not standardized yet!).
- Block cipher mode is a bit deprecated in TLS. And the TLS construct assumes
  that mode.

-Ilari
