Ilari,
In addition to the three drafts that are currently discussed, I have
submitted to the MPTCP working group a draft that explores how TLS and MPTCP
could be integrated together. This is another design point that might be of
interest for this working group as well. Several of the features included in
MPTCP to support multiple paths are also very useful to deal with packet
injection attacks, which is one of the elements of the discussion on whether
the header should be protected.
The first version of this draft is available at :
http://www.ietf.org/internet-drafts/draft-bonaventure-mptcp-tls-00.txt
Comments are more than welcome
Some quick comments:
Thanks for your feedback.
- MPTCP AFAIK mostly runs in kernelspace, so using TLS seems pretty complex
(I hope one doesn't have to fish anything out of certificates, since
those are ASN.1).
Current MPTCP (Linux, FreeBSD, ...) are kernelscape, but this is not
mandatory. MPTCP does not need to be seen as a monolithic software, we
can expose interfaces to TLS that enables the TLS user-level
implementation to pass some records such as the initial handshake and
use MPTCP for the data records.
- Using TLS oppurtinistically is insecure without session_hash extension
(not standardized yet!).
MPTLS could be used opportunitically or not. Different modes are possible.
- Block cipher mode is a bit deprecated in TLS. And the TLS construct
assumes that mode.
The draft assumes that the MAC can be computed separately from the
encryption. I'll be looking at other TLS modes and see how they can fit
in the proposed architecture. Pointers to the key deployed modes are
more than welcome
Olivier
--
INL, ICTEAM, UCLouvain, Belgium, http://inl.info.ucl.ac.be
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
