%!PS-Adobe-3.0
%%BoundingBox: 24 24 571 818
%%Title: Enscript Output
%%For: Christoph Paasch
%%Creator: GNU Enscript 1.6.6
%%CreationDate: Fri May 27 10:25:39 2016
%%Orientation: Portrait
%%Pages: (atend)
%%DocumentMedia: A4 595 842 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginResource: procset Enscript-Prolog 1.6 6
%
% Procedures.
%
% _S: - -> -
% Take a VM snapshot with `save` and store the save object under the name _s
% in the current dictionary, so that a later `_s restore` can roll back to it.
/_S { % save current state
/_s save def
} def
% _R: - -> -
% Roll VM back to the snapshot currently stored under the name _s.
% Raises an error if _s has not been defined by a preceding save.
/_R { % restore from saved state
_s restore
} def
% S: - -> -
% Emit the current page.  The gsave/grestore pair puts the graphics state that
% was current before showpage back in place afterwards.
/S { % showpage protecting gstate
gsave
showpage
grestore
} bind def
% MF: fontname newfontname -> -
% Build a re-encoded copy of an existing font and register it as newfontname.
% The working names (newfontname, fontname, fontdict, newfont) are stored with
% plain `def`, i.e. in whatever dictionary is current; they are not private.
/MF { % fontname newfontname -> - make a new encoded font
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
% walk every key/value pair of the source font dictionary
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
% insert only valid encoding vectors
% (encoding_vector is read as a global; it is replaced only if it has exactly
% 256 entries, otherwise the copied font keeps the source font's /Encoding)
encoding_vector length 256 eq {
newfont /Encoding encoding_vector put
} if
% definefont leaves the new font dictionary on the stack; it is not needed here
newfontname newfont definefont pop
} def
% MF_PS: fontname newfontname -> -
% Same copy-and-register procedure as MF, except that the /Encoding entry
% copied from the source font is left untouched (encoding_vector is not used).
% Working names are stored with plain `def` in the current dictionary.
/MF_PS { % fontname newfontname -> - make a new font preserving its enc
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
% walk every key/value pair of the source font dictionary
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
% definefont leaves the new font dictionary on the stack; it is not needed here
newfontname newfont definefont pop
} def
% SF: fontname width height -> -
% Look the font up, scale it by width horizontally and height vertically, and
% make it the current font.  width and height are stored with plain `def` in
% the current dictionary.
/SF { % fontname width height -> - set a new font
/height exch def
/width exch def
% fontname is the only operand left on the stack at this point
findfont
[width 0 0 height 0 0] makefont setfont
} def
% SUF: fontname width height -> -
% Re-encode fontname through MF under the fixed name /F-gs-user-font, then
% select that font at the given size through SF.  Each call redefines
% /F-gs-user-font.
/SUF { % fontname width height -> - set a new user font
/height exch def
/width exch def
% stack now holds only fontname, which MF consumes together with the new name
/F-gs-user-font MF
/F-gs-user-font width height SF
} def
% SUF_PS: fontname width height -> -
% Like SUF, but copies the font through MF_PS so the source font's own
% encoding is kept.  Each call redefines /F-gs-user-font.
/SUF_PS { % fontname width height -> - set a new user font preserving its enc
/height exch def
/width exch def
% stack now holds only fontname, which MF_PS consumes together with the new name
/F-gs-user-font MF_PS
/F-gs-user-font width height SF
} def
% M: x y -> -      one-letter alias for moveto, used before every text line
/M {moveto} bind def
% s: string -> -   one-letter alias for show, used to paint every text line
/s {show} bind def
% Box: x y w h -> -
% Append a closed rectangular path with one corner at (x, y), extending w
% horizontally and h vertically (either may be negative).  The path is only
% constructed; the caller fills or strokes it.  The four operands are stored
% as d_x, d_y, d_w, d_h with plain `def` in the current dictionary.
/Box { % x y w h -> - define box path
/d_h exch def /d_w exch def /d_y exch def /d_x exch def
d_x d_y moveto
d_w 0 rlineto
0 d_h rlineto
d_w neg 0 rlineto
closepath
} def
% bgs: x y height blskip gray str -> -
% Paint str at (x, y) on top of a filled gray rectangle.  The rectangle starts
% at (x, y - blskip), is as wide as the string's advance width and `height`
% tall.  All six operands are stored with plain `def` in the current
% dictionary.
/bgs { % x y height blskip gray str -> - show string with bg color
/str exch def
/gray exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
% background first, inside gsave/grestore so the fill colour does not leak
gsave
% stringwidth returns (wx, wy); only wx is kept as the box width
x y blskip sub str stringwidth pop height Box
gray setgray
fill
grestore
% then the text itself, in the colour that was current on entry
x y M str s
} def
% bgcs: x y height blskip red green blue str -> -
% RGB variant of bgs: paint str at (x, y) on top of a rectangle filled with
% the given RGB colour.  The rectangle starts at (x, y - blskip), is as wide
% as the string's advance width and `height` tall.  All operands are stored
% with plain `def` in the current dictionary.
/bgcs { % x y height blskip red green blue str -> - show string with bg color
/str exch def
/blue exch def
/green exch def
/red exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
% background first, inside gsave/grestore so the fill colour does not leak
gsave
% stringwidth returns (wx, wy); only wx is kept as the box width
x y blskip sub str stringwidth pop height Box
red green blue setrgbcolor
fill
grestore
% then the text itself, in the colour that was current on entry
x y M str s
} def
% Highlight bars.
% Fill alternating horizontal bands behind the text area: rows are grouped in
% runs of `nlines`, and every other run gets a bar in the given gray level.
% Reads the layout globals d_header_y, d_output_w, d_output_h and cols, and
% stores its own working values (ymarg, lineheight, nlines, cw, nrows, xp, rn,
% yp) with plain `def` in the current dictionary.
/highlight_bars { % nlines lineheight output_y_margin gray -> -
gsave
setgray
/ymarg exch def
/lineheight exch def
/nlines exch def
% This 2 is just a magic number to sync highlight lines to text.
0 d_header_y ymarg sub 2 sub translate
% cw: width of one column; nrows: whole text rows that fit between the margins
/cw d_output_w cols div def
/nrows d_output_h ymarg 2 mul sub lineheight div cvi def
% for each column
0 1 cols 1 sub {
cw mul /xp exch def
% for each row
0 1 nrows 1 sub {
/rn exch def
% rows grow downwards from the translated origin, hence the neg
rn lineheight mul neg /yp exch def
% bar only when the index of the nlines-sized group is even
rn nlines idiv 2 mod 0 eq {
% Draw highlight bar. 4 is just a magic indentation.
xp 4 add yp cw 8 sub lineheight neg Box fill
} if
} for
} for
grestore
} def
% Line highlight bar.
% Fill the rectangle (x, y, width, height) with the given gray level, leaving
% the caller's graphics state unchanged.  The gray operand is stored under the
% name `gray` with plain `def` in the current dictionary.
/line_highlight { % x y width height gray -> -
gsave
/gray exch def
% the remaining four operands are exactly what Box expects
Box gray setgray fill
grestore
} def
% Column separator lines.
% Stroke a thin vertical line between adjacent columns, from the top of the
% footer area up through the full output height.  Draws nothing when cols is 1,
% because the loop then runs from 1 to 0.  Reads d_footer_h, d_output_w,
% d_output_h and cols; stores cw with plain `def`.
/column_lines {
gsave
.1 setlinewidth
0 d_footer_h translate
/cw d_output_w cols div def
% i = 1 .. cols-1: one line at x = i * cw
1 1 cols 1 sub {
cw mul 0 moveto
0 d_output_h rlineto stroke
} for
grestore
} def
% Column borders.
% Stroke a hairline frame around the whole output area.  The frame's lower
% left corner is (0, d_footer_h) and it spans d_output_w by d_output_h.
% The caller's graphics state is preserved.
/column_borders {
  gsave
    .1 setlinewidth
    % start at the lower left corner, then go up, right and down again
    0 d_footer_h moveto
    0 d_output_h rlineto   d_output_w 0 rlineto   0 d_output_h neg rlineto
    % closepath supplies the bottom edge
    closepath stroke
  grestore
} def
% Do the actual underlay drawing
% Paints the string ul_str at the current point.  ul_style selects the
% rendering: 0 strokes the glyph outlines, any other value paints solid glyphs.
/draw_underlay {
  ul_style 0 ne {
    % solid text
    ul_str show
  } {
    % outlined text: turn the glyphs into a path and stroke it
    ul_str true charpath stroke
  } ifelse
} def
% Underlay
% Draw the underlay string along the page diagonal that runs from the top left
% corner to the bottom right corner, centred on that diagonal.  Reads
% d_page_w, d_page_h and the ul_* settings (ul_gray, ul_font, ul_str,
% ul_h_ptsize), which are not defined in this prolog and must be set by the
% document before this is called.  Stores dw with plain `def`.
/underlay { % - -> -
gsave
% origin to the top left corner of the page
0 d_page_h translate
% rotate the x axis onto the diagonal (angle of the vector (d_page_w, -d_page_h))
d_page_h neg d_page_w atan rotate
ul_gray setgray
ul_font setfont
% dw: length of the diagonal
/dw d_page_h dup mul d_page_w dup mul add sqrt def
% x = (dw - string width) / 2, y = -ul_h_ptsize / 2
ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto
draw_underlay
grestore
} def
% user_underlay: - -> -
% Draw the underlay string at a caller-chosen position and angle instead of
% along the page diagonal.  Reads ul_x, ul_y, ul_angle, ul_gray, ul_font and
% ul_h_ptsize, none of which are defined in this prolog.
/user_underlay { % - -> -
gsave
ul_x ul_y translate
ul_angle rotate
ul_gray setgray
ul_font setfont
% start half a point size below the translated origin
0 0 ul_h_ptsize 2 div sub moveto
draw_underlay
grestore
} def
% Page prefeed
% Store the boolean under /prefeed in statusdict, but only when statusdict
% already has such an entry; otherwise the operand is just discarded.
/page_prefeed { % bool -> -
  statusdict /prefeed known not {
    % no prefeed entry in statusdict: drop the flag
    pop
  } {
    % bool  ->  statusdict /prefeed bool
    statusdict /prefeed 3 -1 roll put
  } ifelse
} def
% Wrapped line markers
% Draw the marker that flags a wrapped source line inside the character cell
% at (x, y) of size charwidth x charheight.  type 2 draws a filled box, type 3
% a small arrow, any other value draws nothing.
% NOTE: the operands are stored as type, h, w, y, x with plain `def`.  If the
% current dictionary is searched before systemdict, later lookups of the name
% `type` find this integer rather than the built-in `type` operator.
/wrapped_line_mark { % x y charwidth charheight type -> -
/type exch def
/h exch def
/w exch def
/y exch def
/x exch def
type 2 eq {
% Black boxes (like TeX does)
gsave
0 setlinewidth
% box covers the middle half of the cell width and its full height
x w 4 div add y M
0 h rlineto w 2 div 0 rlineto 0 h neg rlineto
closepath fill
grestore
} {
type 3 eq {
% Small arrows
gsave
.2 setlinewidth
% shaft: from the cell centre to the right, then down to the baseline
x w 2 div add y h 2 div add M
w 4 div 0 rlineto
x w 4 div add y lineto stroke
% head: two short strokes meeting at the shaft's end point
x w 4 div add w 8 div add y h 4 div add M
x w 4 div add y lineto
w 4 div h 8 div rlineto stroke
grestore
} {
% do nothing
} ifelse
} ifelse
} def
% EPSF import.
% BeginEPSF: - -> -
% Prepare the interpreter for running an embedded EPS file so that the
% embedded program cannot disturb the enclosing document: snapshot VM, record
% the dictionary and operand stack depths for EndEPSF, make showpage a no-op,
% and reset the graphics state parameters an EPS file may assume.
/BeginEPSF {
/b4_Inc_state save def % Save state for cleanup
/dict_count countdictstack def % Count objects on dict stack
% the name /op_count is itself on the stack when count runs, hence the 1 sub
/op_count count 1 sub def % Count objects on operand stack
userdict begin
% an embedded showpage must not emit the enclosing page
/showpage { } def
0 setgray 0 setlinecap
1 setlinewidth 0 setlinejoin
10 setmiterlimit [ ] 0 setdash newpath
% setstrokeadjust and setoverprint are called only when a languagelevel
% entry exists and is not 1
/languagelevel where {
pop languagelevel
1 ne {
false setstrokeadjust false setoverprint
} if
} if
} bind def
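% EndEPSF: - -> -
% Undo BeginEPSF after an embedded EPS file has run: discard any operands the
% embedded program left behind, close any dictionaries it left open, then
% restore the VM snapshot taken in BeginEPSF.  Relies on op_count, dict_count
% and b4_Inc_state as recorded by BeginEPSF.
/EndEPSF {
% The loop body must be `pop`.  The original had the undefined name `pos`,
% which raises an `undefined` error as soon as the embedded program leaves even
% one extra operand on the stack.
count op_count sub { pop } repeat % Clean up stacks
countdictstack dict_count sub { end } repeat
b4_Inc_state restore
} bind def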
% Check PostScript language level.
% gs_languagelevel is the interpreter's languagelevel when that name is
% defined anywhere on the dictionary stack, and 1 otherwise.
/gs_languagelevel
  /languagelevel where {
    % `where` left the defining dictionary on the stack; only the value is needed
    pop languagelevel
  } {
    1
  } ifelse
def
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6 6
% encoding_vector: array of 256 glyph names indexed by character code (four
% names per line below).  Codes 0-31 and 127-159 map to /.notdef, codes 32-126
% to the ASCII glyphs and codes 160-255 to the accented and symbol glyphs.
% Code 39 maps to /quoteright and code 96 to /quoteleft; /hyphen appears at
% both code 45 and code 173.
/encoding_vector [
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclam /quotedbl /numbersign
/dollar /percent /ampersand /quoteright
/parenleft /parenright /asterisk /plus
/comma /hyphen /period /slash
/zero /one /two /three
/four /five /six /seven
/eight /nine /colon /semicolon
/less /equal /greater /question
/at /A /B /C
/D /E /F /G
/H /I /J /K
/L /M /N /O
/P /Q /R /S
/T /U /V /W
/X /Y /Z /bracketleft
/backslash /bracketright /asciicircum /underscore
/quoteleft /a /b /c
/d /e /f /g
/h /i /j /k
/l /m /n /o
/p /q /r /s
/t /u /v /w
/x /y /z /braceleft
/bar /braceright /tilde /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclamdown /cent /sterling
/currency /yen /brokenbar /section
/dieresis /copyright /ordfeminine /guillemotleft
/logicalnot /hyphen /registered /macron
/degree /plusminus /twosuperior /threesuperior
/acute /mu /paragraph /bullet
/cedilla /onesuperior /ordmasculine /guillemotright
/onequarter /onehalf /threequarters /questiondown
/Agrave /Aacute /Acircumflex /Atilde
/Adieresis /Aring /AE /Ccedilla
/Egrave /Eacute /Ecircumflex /Edieresis
/Igrave /Iacute /Icircumflex /Idieresis
/Eth /Ntilde /Ograve /Oacute
/Ocircumflex /Otilde /Odieresis /multiply
/Oslash /Ugrave /Uacute /Ucircumflex
/Udieresis /Yacute /Thorn /germandbls
/agrave /aacute /acircumflex /atilde
/adieresis /aring /ae /ccedilla
/egrave /eacute /ecircumflex /edieresis
/igrave /iacute /icircumflex /idieresis
/eth /ntilde /ograve /oacute
/ocircumflex /otilde /odieresis /divide
/oslash /ugrave /uacute /ucircumflex
/udieresis /yacute /thorn /ydieresis
] def
%%EndResource
%%EndProlog
%%BeginSetup
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier
% Header font: Courier-Bold re-encoded through MF, kept in HF at 10 x 10.
/HFpt_w 10 def
/HFpt_h 10 def
/Courier-Bold /HF-gs-font MF
/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def
% Body font: Courier re-encoded through MF and made current at 10 x 10.
/Courier /F-gs-font MF
/F-gs-font 10 10 SF
/#copies 1 def
% Pagedevice definitions:
% The << >> dictionary syntax and setpagedevice are used only when the
% interpreter reported a language level above 1.
gs_languagelevel 1 gt {
<<
/PageSize [595 842]
>> setpagedevice
} if
% Layout globals read by the drawing procedures.  547 x 794 equals the
% %%BoundingBox extent (571-24 by 818-24); header and footer heights are 0,
% so the output area is the whole page area, laid out as a single column.
/d_page_w 547 def
/d_page_h 794 def
/d_header_x 0 def
/d_header_y 794 def
/d_header_w 547 def
/d_header_h 0 def
/d_footer_x 0 def
/d_footer_y 0 def
/d_footer_w 547 def
/d_footer_h 0 def
/d_output_w 547 def
/d_output_h 794 def
/cols 1 def
%%EndSetup
%%Page: (1) 1
%%BeginPageSetup
_S
24 24 translate
/pagenum 1 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 737 M
(Internet Engineering Task Force C. Paasch) s
5 726 M
(Internet-Draft Apple, Inc.) s
5 715 M
(Intended status: Experimental A. Ford) s
5 704 M
(Expires: November 28, 2016 Pexip) s
5 693 M
( May 27, 2016) s
5 660 M
( Application Layer Authentication for MPTCP) s
5 649 M
( draft-paasch-mptcp-application-authentication-00) s
5 627 M
(Abstract) s
5 605 M
( Multipath TCP \(MPTCP\), described in [3], is an extension to TCP to) s
5 594 M
( provide the ability to simultaneously use multiple paths between) s
5 583 M
( hosts.) s
5 561 M
( MPTCP currently specifies a single authentication mechanism, using) s
5 550 M
( keys that are initially exchanged in the clear. There are) s
5 539 M
( application-layer protocols that may have better information as to) s
5 528 M
( the identity of the parties and so are able to better provide keying) s
5 517 M
( material that could be used for the authentication of future) s
5 506 M
( subflows.) s
5 484 M
( This document specifies "application layer authentication" for) s
5 473 M
( Multipath TCP, an alternatively negotiated keying mechanism for) s
5 462 M
( MPTCP.) s
5 440 M
(Status of This Memo) s
5 418 M
( This Internet-Draft is submitted in full conformance with the) s
5 407 M
( provisions of BCP 78 and BCP 79.) s
5 385 M
( Internet-Drafts are working documents of the Internet Engineering) s
5 374 M
( Task Force \(IETF\). Note that other groups may also distribute) s
5 363 M
( working documents as Internet-Drafts. The list of current Internet-) s
5 352 M
( Drafts is at http://datatracker.ietf.org/drafts/current/.) s
5 330 M
( Internet-Drafts are draft documents valid for a maximum of six months) s
5 319 M
( and may be updated, replaced, or obsoleted by other documents at any) s
5 308 M
( time. It is inappropriate to use Internet-Drafts as reference) s
5 297 M
( material or to cite them other than as "work in progress.") s
5 275 M
( This Internet-Draft will expire on November 28, 2016.) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 1]) s
_R
S
%%Page: (2) 2
%%BeginPageSetup
_S
24 24 translate
/pagenum 2 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
(Copyright Notice) s
5 715 M
( Copyright \(c\) 2016 IETF Trust and the persons identified as the) s
5 704 M
( document authors. All rights reserved.) s
5 682 M
( This document is subject to BCP 78 and the IETF Trust's Legal) s
5 671 M
( Provisions Relating to IETF Documents) s
5 660 M
( \(http://trustee.ietf.org/license-info\) in effect on the date of) s
5 649 M
( publication of this document. Please review these documents) s
5 638 M
( carefully, as they describe your rights and restrictions with respect) s
5 627 M
( to this document. Code Components extracted from this document must) s
5 616 M
( include Simplified BSD License text as described in Section 4.e of) s
5 605 M
( the Trust Legal Provisions and are provided without warranty as) s
5 594 M
( described in the Simplified BSD License.) s
5 572 M
(Table of Contents) s
5 550 M
( 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2) s
5 539 M
( 1.1. Key in plaintext . . . . . . . . . . . . . . . . . . . . 3) s
5 528 M
( 1.2. Token generation . . . . . . . . . . . . . . . . . . . . 3) s
5 517 M
( 1.2.1. Hash collision . . . . . . . . . . . . . . . . . . . 3) s
5 506 M
( 1.2.2. Derive information from the token . . . . . . . . . . 3) s
5 495 M
( 2. Proposed Technical Changes . . . . . . . . . . . . . . . . . 4) s
5 484 M
( 2.1. MP_CAPABLE Changes . . . . . . . . . . . . . . . . . . . 4) s
5 473 M
( 2.2. MP_JOIN Changes . . . . . . . . . . . . . . . . . . . . . 6) s
5 462 M
( 2.3. Data Sequence Number Changes . . . . . . . . . . . . . . 6) s
5 451 M
( 2.4. MP_FASTCLOSE Changes . . . . . . . . . . . . . . . . . . 7) s
5 440 M
( 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7) s
5 429 M
( 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7) s
5 418 M
( 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 7) s
5 407 M
( 5.1. Normative References . . . . . . . . . . . . . . . . . . 7) s
5 396 M
( 5.2. Informative References . . . . . . . . . . . . . . . . . 8) s
5 374 M
(1. Introduction) s
5 352 M
( The MPTCP handshake serves multiple purposes. First, hosts discover) s
5 341 M
( their peer's support of MPTCP. Second, each host announces a key) s
5 330 M
( that will be tied to this MPTCP session. The key also serves) s
5 319 M
( multiple purposes. First, a derivative of the key is used as a) s
5 308 M
( token-identifier for the MPTCP connection. This derivative is a) s
5 297 M
( truncated hash of the key. Second, another truncated hash of the key) s
5 286 M
( serves as the initial data sequence number. And third, the key) s
5 275 M
( itself is used as an authenticator to prove that the host behind the) s
5 264 M
( IP-address used to establish new subflows is indeed the one that) s
5 253 M
( participated in the handshake of the initial subflow.) s
5 231 M
( In the following we explain the shortcomings of this exchange and how) s
5 220 M
( they impact the deployment of MPTCP.) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 2]) s
_R
S
%%Page: (3) 3
%%BeginPageSetup
_S
24 24 translate
/pagenum 3 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
(1.1. Key in plaintext) s
5 715 M
( The key-exchange happens during the handshake of the initial subflow.) s
5 704 M
( RFC 6824 specifies that this exchange happens in plaintext. As has) s
5 693 M
( been noted in RFC 7430, an eavesdropper on the initial handshake is) s
5 682 M
( thus able to learn the keys used in this MPTCP session. This allows) s
5 671 M
( him to generate the session's tokens and data sequence numbers,) s
5 660 M
( enabling him to effectively hijack the MPTCP session by creating a) s
5 649 M
( subflow with a different IP-address. The attacker will be able to) s
5 638 M
( generate a valid HMAC as he has full knowledge of the keys of this) s
5 627 M
( MPTCP session.) s
5 605 M
( To enhance MPTCP's security, it would be beneficial to not reveal) s
5 594 M
( MPTCP's keys in plaintext on the wire.) s
5 572 M
(1.2. Token generation) s
5 550 M
( The token is the SHA-1 hash of the key, truncated to its 32 most) s
5 539 M
( significant bits. The key must be a random number of sufficient) s
5 528 M
( entropy to be used as part of the authentication mechanism, and thus) s
5 517 M
( a host has no control over the token as it is generating the key for) s
5 506 M
( the MPTCP-session. This has some implications on the deployability) s
5 495 M
( of MPTCP, outlined hereafter.) s
5 473 M
(1.2.1. Hash collision) s
5 451 M
( Due to the nature of the token-generation, the 32-bit token might) s
5 440 M
( collide with another already existing MPTCP session. While a 32-bit) s
5 429 M
( token collision should be very rare on client devices, a busy server) s
5 418 M
( \(with potentially tens of millions of active MPTCP connections\) will) s
5 407 M
( have a very high probability of a token collision.) s
5 385 M
( Upon such a collision, the server needs to generate a new) s
5 374 M
( cryptographically secure 64-bit key, and derive the token through a) s
5 363 M
( SHA-1 computation upon which it can finally verify the uniqueness of) s
5 352 M
( the token. If a collision happens again, the server has to start) s
5 341 M
( anew. This process imposes a computation overhead and complexity) s
5 330 M
( upon the server and impacts the scalability compared to regular TCP.) s
5 319 M
( Allowing a server to generate a token in such a way that uniqueness) s
5 308 M
( can be achieved easily would be beneficial for the scalability and) s
5 297 M
( deployment of MPTCP.) s
5 275 M
(1.2.2. Derive information from the token) s
5 253 M
( As the token is a truncated hash of the key, it is entirely of a) s
5 242 M
( random nature. As has been shown in [5], this brings several) s
5 231 M
( deployment challenges in large server farms. In particular, the) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 3]) s
_R
S
%%Page: (4) 4
%%BeginPageSetup
_S
24 24 translate
/pagenum 4 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
( layer-4 load balancers in front of this server farm need to maintain) s
5 726 M
( MPTCP-specific state in order to map a token to the server.) s
5 704 M
( The token can be looked at as a route-identifier, as it allows the) s
5 693 M
( server to associate the incoming SYN+MP_JOIN with an existing MPTCP-) s
5 682 M
( session. However, the random nature of the token does not allow a) s
5 671 M
( load balancer in the middle to do the same without having to maintain) s
5 660 M
( MPTCP-specific state.) s
5 638 M
( If the token can be generated in such a way that it carries the) s
5 627 M
( required routing information in a form that can be deciphered) s
5 616 M
( by all the trusted parties in the server farm deployment, large-scale) s
5 605 M
( deployment of MPTCP would be simplified.) s
5 583 M
( In the following we suggest an alternative handshake that allows) s
5 572 M
( MPTCP to increase its security by leveraging an external key-exchange) s
5 561 M
( and thus benefit from the security provided by protocols like TLS.) s
5 550 M
( As a side-effect of this approach, the token also can be exchanged in) s
5 539 M
( a more flexible way, addressing the above identified issues with the) s
5 528 M
( token generation.) s
5 506 M
(2. Proposed Technical Changes) s
5 484 M
(2.1. MP_CAPABLE Changes) s
5 462 M
( To resolve the issues identified in the previous section, this) s
5 451 M
( proposal separates the key handling for security \(i.e. the method for) s
5 440 M
( protecting new subflow exchanges\) from the token exchange. This) s
5 429 M
( means that:) s
5 407 M
( o Key exchange is handled in the application layer) s
5 385 M
( o Meaning can be exchanged in the token, and a custom generation) s
5 374 M
( method can be used, as it is decoupled from keying material) s
5 352 M
( This specification allocates the 'G' bit from the flags of MP_CAPABLE) s
5 341 M
( as an alternative security mechanism - "handled by application) s
5 330 M
( layer". In this case, the MP_CAPABLE exchange will send and receive) s
5 319 M
( tokens rather than keys.) s
5 297 M
( When the 'G' bit is set to 1, this implies support for this new) s
5 286 M
( mechanism, and the MP_CAPABLE exchange will operate as follows. The) s
5 275 M
( tokens take the place of the keys in the MP_CAPABLE exchange, but) s
5 264 M
( otherwise the exchange remains very similar. This exchange still) s
5 253 M
( maintains support for stateless servers. Note that this now means) s
5 242 M
( that tokens are 64 bits in length.) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 4]) s
_R
S
%%Page: (5) 5
%%BeginPageSetup
_S
24 24 translate
/pagenum 5 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
( 1 2 3) s
5 726 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 715 M
( +---------------+---------------+-------+-------+---------------+) s
5 704 M
( | Kind | Length |Subtype|Version|A|B|C|D|E|F|G|H|) s
5 693 M
( +---------------+---------------+-------+-------+---------------+) s
5 682 M
( | Option Sender's Token \(64 bits\) |) s
5 671 M
( | \(if option Length > 4\) |) s
5 660 M
( | |) s
5 649 M
( +---------------------------------------------------------------+) s
5 638 M
( | Option Receiver's Token \(64 bits\) |) s
5 627 M
( | \(if option Length > 12\) |) s
5 616 M
( | |) s
5 605 M
( +-------------------------------+-------------------------------+) s
5 594 M
( | Data-Level Length \(16 bits\) | Checksum \(16 bits, optional\) |) s
5 583 M
( +-------------------------------+-------------------------------+) s
5 561 M
( Figure 1: Proposed Multipath Capable \(MP_CAPABLE\) Option) s
5 539 M
( The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK packets) s
5 528 M
( that start the first subflow of an MPTCP connection, as well as the) s
5 517 M
( first packet that carries data, if the initiator wishes to send) s
5 506 M
( first. The data carried by each option is as follows, where A =) s
5 495 M
( initiator and B = listener.) s
5 473 M
( o SYN \(A->B\): only the first four octets \(Length = 4\).) s
5 451 M
( o SYN/ACK \(B->A\): B's token for this connection \(Length = 12\).) s
5 429 M
( o ACK \(no data\) \(A->B\): A's token followed by B's token \(Length =) s
5 418 M
( 20\).) s
% NOTE(review): "key" in the bullet below disagrees with Figure 1 of this same
% draft, which labels both 64-bit fields as tokens, and with section 2.1's
% statement that tokens take the place of the keys in the MP_CAPABLE exchange.
% The stated lengths (22 or 24) fit two 64-bit fields either way.  Presumably
% "token" is meant -- confirm with the authors, since sending the keys here
% would put them on the wire in the clear, which section 1.1 sets out to avoid.
5 396 M
( o ACK \(with first data\) \(A->B\): A's key followed by B's key followed) s
5 385 M
( by Data-Level Length, and optional Checksum \(Length = 22 or 24\).) s
5 363 M
( The contents of the option are determined by the SYN and ACK flags of) s
5 352 M
( the packet, along with the option's length field. For the diagram) s
5 341 M
( shown in Figure 1, "sender" and "receiver" refer to the sender or) s
5 330 M
( receiver of the TCP packet \(which can be either host\).) s
5 308 M
( If the sender of the initial SYN supports both SHA-1 \(as specified in) s
5 297 M
( [3]\) and application-layer, it can set both G and H bits to "1". The) s
5 286 M
( sender of the SYN/ACK can then make a decision as to which mode to) s
5 275 M
( support, and selects only one of those bits in the SYN/ACK.) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 5]) s
_R
S
%%Page: (6) 6
%%BeginPageSetup
_S
24 24 translate
/pagenum 6 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
(2.2. MP_JOIN Changes) s
5 715 M
( The MP_JOIN exchange remains almost the same:) s
5 693 M
( Host A Host B) s
5 682 M
( ------------------------ ----------) s
5 671 M
( Address A1 Address A2 Address B1) s
5 660 M
( ---------- ---------- ----------) s
5 649 M
( | | |) s
5 638 M
( | | SYN + MP_JOIN\(Token-B, R-A\) |) s
5 627 M
( | |------------------------------->|) s
5 616 M
( | |<-------------------------------|) s
5 605 M
( | | SYN/ACK + MP_JOIN\(HMAC-B, R-B\) |) s
5 594 M
( | | |) s
5 583 M
( | | ACK + MP_JOIN\(HMAC-A\) |) s
5 572 M
( | |------------------------------->|) s
5 561 M
( | |<-------------------------------|) s
5 550 M
( | | ACK |) s
5 528 M
( HMAC-A = HMAC\(Key=\(Key-A+Key-B\), Msg=\(R-A+R-B\)\)) s
5 517 M
( HMAC-B = HMAC\(Key=\(Key-B+Key-A\), Msg=\(R-B+R-A\)\)) s
5 495 M
( Figure 2: Example Use of MP_JOIN) s
5 473 M
( However, the token presented is now 64 bits. The key used in the) s
5 462 M
( HMAC exchange here is provided by the application layer. Otherwise,) s
5 451 M
( there are no other changes to the handshake. Note, however, that an) s
5 440 M
( MP_JOIN message cannot be sent until the application layer protocol) s
5 429 M
( has determined that the key exchange has completed.) s
5 407 M
( Depending on the key-exchange protocol that is in use at the) s
5 396 M
( application layer, it may be that the client already knows the key,) s
5 385 M
( while the server is not yet aware of it. In that case the server) s
5 374 M
( might receive SYN+MP_JOIN with a valid token, but the MPTCP-state on) s
5 363 M
( the server has not yet been populated with the key. The server must) s
5 352 M
( silently drop the SYN+MP_JOIN in that case. The client will) s
5 341 M
( retransmit its SYN+MP_JOIN and eventually the application on the) s
5 330 M
( server will have populated the MPTCP-state with the key.) s
5 308 M
(2.3. Data Sequence Number Changes) s
5 286 M
( The Initial Data Sequence Number for each host involved in an MPTCP) s
5 275 M
( connection is, by [3], derived from the SHA-1 hash of the key. If) s
5 264 M
( application-layer authentication is selected, the IDSN MUST instead) s
5 253 M
( be derived from the most-significant 64 bits of the SHA-1 hash of the) s
5 242 M
( token.) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 6]) s
_R
S
%%Page: (7) 7
%%BeginPageSetup
_S
24 24 translate
/pagenum 7 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
(2.4. MP_FASTCLOSE Changes) s
5 715 M
( MP_FASTCLOSE is the other method that uses the key in [3]. Given) s
5 704 M
( there is no knowledge as to a potential key's sensitivity, it can no) s
5 693 M
( longer be said that a key should be sent here. Instead, the SHA-1) s
5 682 M
( hash [4] of the key, truncated to its 64 most-significant bits,) s
5 671 M
( should be used.) s
5 649 M
(3. Security Considerations) s
5 627 M
( This draft is proposing a mechanism that would allow an application-) s
5 616 M
( layer protocol to provide security, rather than relying on a) s
5 605 M
( cleartext exchange of the keys. As such, this document itself does) s
5 594 M
( not introduce any additional security concerns, but provides a) s
5 583 M
( mechanism by which additional security could be added to the MPTCP) s
5 572 M
( handshake, depending on the authentication method used at the) s
5 561 M
( application layer.) s
5 539 M
(4. IANA Considerations) s
5 517 M
( This document would update the "MPTCP Handshake Algorithms" sub-) s
5 506 M
( registry under the "Transmission Control Protocol \(TCP\) Parameters") s
5 495 M
( registry, based on the flags in MP_CAPABLE, to add the following) s
5 484 M
( algorithm:) s
5 462 M
( +----------+----------------------------------+---------------+) s
5 451 M
( | Flag Bit | Meaning | Reference |) s
5 440 M
( +----------+----------------------------------+---------------+) s
5 429 M
( | G | Application-layer Authentication | This document |) s
5 418 M
( +----------+----------------------------------+---------------+) s
5 396 M
( Table 1: MPTCP Handshake Algorithms) s
5 374 M
(5. References) s
5 352 M
(5.1. Normative References) s
5 330 M
( [1] Postel, J., "Transmission Control Protocol", STD 7, RFC) s
5 319 M
( 793, September 1981.) s
5 297 M
( [2] Bradner, S., "Key words for use in RFCs to Indicate) s
5 286 M
( Requirement Levels", BCP 14, RFC 2119, March 1997.) s
5 264 M
( [3] Ford, A., Raiciu, C., Handley, M., Bonaventure, O., and C.) s
5 253 M
( Paasch, "TCP Extensions for Multipath Operation with) s
5 242 M
( Multiple Addresses", draft-ietf-mptcp-rfc6824bis-05 \(work) s
5 231 M
( in progress\), January 2016.) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 7]) s
_R
S
%%Page: (8) 8
%%BeginPageSetup
_S
24 24 translate
/pagenum 8 def
/fname (draft-paasch-mptcp-application-authentication.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-application-authentication.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 770 M
(Internet-Draft MPTCP Application Layer Auth May 2016) s
5 737 M
( [4] National Institute of Science and Technology, "Secure Hash) s
5 726 M
( Standard", Federal Information Processing Standard \(FIPS\)) s
5 715 M
( 180-3, October 2008,) s
5 704 M
( <http://csrc.nist.gov/publications/fips/fips180-3/) s
5 693 M
( fips180-3_final.pdf>.) s
5 671 M
(5.2. Informative References) s
5 649 M
( [5] Paasch, C., Greenway, G., and A. Ford, "Multipath TCP) s
5 638 M
( behind Layer-4 loadbalancers", draft-paasch-mptcp-) s
5 627 M
( loadbalancer-00 \(work in progress\), September 2015.) s
5 605 M
(Authors' Addresses) s
5 583 M
( Christoph Paasch) s
5 572 M
( Apple, Inc.) s
5 561 M
( Cupertino) s
5 550 M
( US) s
5 528 M
( EMail: cpaasch@apple.com) s
5 495 M
( Alan Ford) s
5 484 M
( Pexip) s
5 462 M
( EMail: alan.ford@gmail.com) s
5 176 M
(Paasch & Ford Expires November 28, 2016 [Page 8]) s
_R
S
%%Trailer
%%Pages: 8
%%DocumentNeededResources: font Courier-Bold Courier
%%EOF