One document matched: draft-paasch-mptcp-control-stream-00.ps
%!PS-Adobe-3.0
%%BoundingBox: 18 36 594 756
%%Title: Enscript Output
%%Creator: GNU Enscript 1.6.5.90
%%CreationDate: Tue Feb 11 16:33:44 2014
%%Orientation: Portrait
%%Pages: (atend)
%%DocumentMedia: Letter 612 792 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginResource: procset Enscript-Prolog 1.6.5 90
%
% Procedures.
%
/_S { % save current state
/_s save def
} def
/_R { % restore from saved state
_s restore
} def
/S { % showpage protecting gstate
gsave
showpage
grestore
} bind def
/MF { % fontname newfontname -> - make a new encoded font
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
% insert only valid encoding vectors
encoding_vector length 256 eq {
newfont /Encoding encoding_vector put
} if
newfontname newfont definefont pop
} def
/MF_PS { % fontname newfontname -> - make a new font preserving its enc
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
newfontname newfont definefont pop
} def
/SF { % fontname width height -> - set a new font
/height exch def
/width exch def
findfont
[width 0 0 height 0 0] makefont setfont
} def
/SUF { % fontname width height -> - set a new user font
/height exch def
/width exch def
/F-gs-user-font MF
/F-gs-user-font width height SF
} def
/SUF_PS { % fontname width height -> - set a new user font preserving its enc
/height exch def
/width exch def
/F-gs-user-font MF_PS
/F-gs-user-font width height SF
} def
/M {moveto} bind def
/s {show} bind def
/Box { % x y w h -> - define box path
/d_h exch def /d_w exch def /d_y exch def /d_x exch def
d_x d_y moveto
d_w 0 rlineto
0 d_h rlineto
d_w neg 0 rlineto
closepath
} def
/bgs { % x y height blskip gray str -> - show string with bg color
/str exch def
/gray exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
gsave
x y blskip sub str stringwidth pop height Box
gray setgray
fill
grestore
x y M str s
} def
/bgcs { % x y height blskip red green blue str -> - show string with bg color
/str exch def
/blue exch def
/green exch def
/red exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
gsave
x y blskip sub str stringwidth pop height Box
red green blue setrgbcolor
fill
grestore
x y M str s
} def
% Highlight bars.
/highlight_bars { % nlines lineheight output_y_margin gray -> -
gsave
setgray
/ymarg exch def
/lineheight exch def
/nlines exch def
% This 2 is just a magic number to sync highlight lines to text.
0 d_header_y ymarg sub 2 sub translate
/cw d_output_w cols div def
/nrows d_output_h ymarg 2 mul sub lineheight div cvi def
% for each column
0 1 cols 1 sub {
cw mul /xp exch def
% for each rows
0 1 nrows 1 sub {
/rn exch def
rn lineheight mul neg /yp exch def
rn nlines idiv 2 mod 0 eq {
% Draw highlight bar. 4 is just a magic indentation.
xp 4 add yp cw 8 sub lineheight neg Box fill
} if
} for
} for
grestore
} def
% Line highlight bar.
/line_highlight { % x y width height gray -> -
gsave
/gray exch def
Box gray setgray fill
grestore
} def
% Column separator lines.
/column_lines {
gsave
.1 setlinewidth
0 d_footer_h translate
/cw d_output_w cols div def
1 1 cols 1 sub {
cw mul 0 moveto
0 d_output_h rlineto stroke
} for
grestore
} def
% Column borders.
/column_borders {
gsave
.1 setlinewidth
0 d_footer_h moveto
0 d_output_h rlineto
d_output_w 0 rlineto
0 d_output_h neg rlineto
closepath stroke
grestore
} def
% Do the actual underlay drawing
/draw_underlay {
ul_style 0 eq {
ul_str true charpath stroke
} {
ul_str show
} ifelse
} def
% Underlay
/underlay { % - -> -
gsave
0 d_page_h translate
d_page_h neg d_page_w atan rotate
ul_gray setgray
ul_font setfont
/dw d_page_h dup mul d_page_w dup mul add sqrt def
ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto
draw_underlay
grestore
} def
/user_underlay { % - -> -
gsave
ul_x ul_y translate
ul_angle rotate
ul_gray setgray
ul_font setfont
0 0 ul_h_ptsize 2 div sub moveto
draw_underlay
grestore
} def
% Page prefeed
/page_prefeed { % bool -> -
statusdict /prefeed known {
statusdict exch /prefeed exch put
} {
pop
} ifelse
} def
% Wrapped line markers
/wrapped_line_mark { % x y charwith charheight type -> -
/type exch def
/h exch def
/w exch def
/y exch def
/x exch def
type 2 eq {
% Black boxes (like TeX does)
gsave
0 setlinewidth
x w 4 div add y M
0 h rlineto w 2 div 0 rlineto 0 h neg rlineto
closepath fill
grestore
} {
type 3 eq {
% Small arrows
gsave
.2 setlinewidth
x w 2 div add y h 2 div add M
w 4 div 0 rlineto
x w 4 div add y lineto stroke
x w 4 div add w 8 div add y h 4 div add M
x w 4 div add y lineto
w 4 div h 8 div rlineto stroke
grestore
} {
% do nothing
} ifelse
} ifelse
} def
% EPSF import.
/BeginEPSF {
/b4_Inc_state save def % Save state for cleanup
/dict_count countdictstack def % Count objects on dict stack
/op_count count 1 sub def % Count objects on operand stack
userdict begin
/showpage { } def
0 setgray 0 setlinecap
1 setlinewidth 0 setlinejoin
10 setmiterlimit [ ] 0 setdash newpath
/languagelevel where {
pop languagelevel
1 ne {
false setstrokeadjust false setoverprint
} if
} if
} bind def
/EndEPSF {
count op_count sub { pos } repeat % Clean up stacks
countdictstack dict_count sub { end } repeat
b4_Inc_state restore
} bind def
% Check PostScript language level.
/languagelevel where {
pop /gs_languagelevel languagelevel def
} {
/gs_languagelevel 1 def
} ifelse
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6.5 90
/encoding_vector [
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclam /quotedbl /numbersign
/dollar /percent /ampersand /quoteright
/parenleft /parenright /asterisk /plus
/comma /hyphen /period /slash
/zero /one /two /three
/four /five /six /seven
/eight /nine /colon /semicolon
/less /equal /greater /question
/at /A /B /C
/D /E /F /G
/H /I /J /K
/L /M /N /O
/P /Q /R /S
/T /U /V /W
/X /Y /Z /bracketleft
/backslash /bracketright /asciicircum /underscore
/quoteleft /a /b /c
/d /e /f /g
/h /i /j /k
/l /m /n /o
/p /q /r /s
/t /u /v /w
/x /y /z /braceleft
/bar /braceright /tilde /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclamdown /cent /sterling
/currency /yen /brokenbar /section
/dieresis /copyright /ordfeminine /guillemotleft
/logicalnot /hyphen /registered /macron
/degree /plusminus /twosuperior /threesuperior
/acute /mu /paragraph /bullet
/cedilla /onesuperior /ordmasculine /guillemotright
/onequarter /onehalf /threequarters /questiondown
/Agrave /Aacute /Acircumflex /Atilde
/Adieresis /Aring /AE /Ccedilla
/Egrave /Eacute /Ecircumflex /Edieresis
/Igrave /Iacute /Icircumflex /Idieresis
/Eth /Ntilde /Ograve /Oacute
/Ocircumflex /Otilde /Odieresis /multiply
/Oslash /Ugrave /Uacute /Ucircumflex
/Udieresis /Yacute /Thorn /germandbls
/agrave /aacute /acircumflex /atilde
/adieresis /aring /ae /ccedilla
/egrave /eacute /ecircumflex /edieresis
/igrave /iacute /icircumflex /idieresis
/eth /ntilde /ograve /oacute
/ocircumflex /otilde /odieresis /divide
/oslash /ugrave /uacute /ucircumflex
/udieresis /yacute /thorn /ydieresis
] def
%%EndResource
%%EndProlog
%%BeginSetup
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier
/HFpt_w 10 def
/HFpt_h 10 def
/Courier-Bold /HF-gs-font MF
/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def
/Courier /F-gs-font MF
/F-gs-font 10 10 SF
/#copies 1 def
% Pagedevice definitions:
gs_languagelevel 1 gt {
<<
/PageSize [612 792]
>> setpagedevice
} if
/d_page_w 576 def
/d_page_h 720 def
/d_header_x 0 def
/d_header_y 720 def
/d_header_w 576 def
/d_header_h 0 def
/d_footer_x 0 def
/d_footer_y 0 def
/d_footer_w 576 def
/d_footer_h 0 def
/d_output_w 576 def
/d_output_h 720 def
/cols 1 def
%%EndSetup
%%Page: (1) 1
%%BeginPageSetup
_S
18 36 translate
/pagenum 1 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 663 M
(MPTCP C. Paasch) s
5 652 M
(Internet-Draft O. Bonaventure) s
5 641 M
(Intended status: Experimental UCLouvain) s
5 630 M
(Expires: August 15, 2014 February 11, 2014) s
5 597 M
( A generic control stream for Multipath TCP) s
5 586 M
( draft-paasch-mptcp-control-stream-00) s
5 564 M
(Abstract) s
5 542 M
( Multipath TCP's extensive use of TCP options to exchange control) s
5 531 M
( information consumes a significant part of the TCP option space.) s
5 520 M
( Extending MPTCP to add more control information into the session) s
5 509 M
( becomes cumbersome as the TCP option space is limited to 40 bytes.) s
5 487 M
( This draft introduces a control stream that allows to send control) s
5 476 M
( information as part of the subflow's payload. The control stream is) s
5 465 M
( mapped into a separate sequence number space and uses a TLV-format) s
5 454 M
( for maximum extensibility. It is left to future documents to specify) s
5 443 M
( how the TLV-format might be used to exchange control information. As) s
5 432 M
( the control stream is sent as part of the subflow's payload, it is) s
5 421 M
( not subject to the 40 bytes limitation of the TCP option space.) s
5 399 M
(Status of This Memo) s
5 377 M
( This Internet-Draft is submitted in full conformance with the) s
5 366 M
( provisions of BCP 78 and BCP 79.) s
5 344 M
( Internet-Drafts are working documents of the Internet Engineering) s
5 333 M
( Task Force \(IETF\). Note that other groups may also distribute) s
5 322 M
( working documents as Internet-Drafts. The list of current Internet-) s
5 311 M
( Drafts is at http://datatracker.ietf.org/drafts/current/.) s
5 289 M
( Internet-Drafts are draft documents valid for a maximum of six months) s
5 278 M
( and may be updated, replaced, or obsoleted by other documents at any) s
5 267 M
( time. It is inappropriate to use Internet-Drafts as reference) s
5 256 M
( material or to cite them other than as "work in progress.") s
5 234 M
( This Internet-Draft will expire on August 15, 2014.) s
5 212 M
(Copyright Notice) s
5 190 M
( Copyright \(c\) 2014 IETF Trust and the persons identified as the) s
5 179 M
( document authors. All rights reserved.) s
5 157 M
( This document is subject to BCP 78 and the IETF Trust's Legal) s
5 146 M
( Provisions Relating to IETF Documents) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 1]) s
_R
S
%%Page: (2) 2
%%BeginPageSetup
_S
18 36 translate
/pagenum 2 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( \(http://trustee.ietf.org/license-info\) in effect on the date of) s
5 652 M
( publication of this document. Please review these documents) s
5 641 M
( carefully, as they describe your rights and restrictions with respect) s
5 630 M
( to this document. Code Components extracted from this document must) s
5 619 M
( include Simplified BSD License text as described in Section 4.e of) s
5 608 M
( the Trust Legal Provisions and are provided without warranty as) s
5 597 M
( described in the Simplified BSD License.) s
5 575 M
(Table of Contents) s
5 553 M
( 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2) s
5 542 M
( 2. The control stream . . . . . . . . . . . . . . . . . . . . . 3) s
5 531 M
( 2.1. Window considerations . . . . . . . . . . . . . . . . . . 5) s
5 520 M
( 3. Connection initiation . . . . . . . . . . . . . . . . . . . . 5) s
5 509 M
( 4. Starting a new subflow . . . . . . . . . . . . . . . . . . . 8) s
5 498 M
( 5. Examples of key negotiation through the control stream . . . 9) s
5 487 M
( 5.1. Reusing the application's TLS key . . . . . . . . . . . . 10) s
5 476 M
( 5.2. TLS-like key exchange . . . . . . . . . . . . . . . . . . 10) s
5 465 M
( 5.3. Tcpcrypt-like key exchange . . . . . . . . . . . . . . . 10) s
5 454 M
( 6. Other example use cases of the control stream . . . . . . . . 10) s
5 443 M
( 6.1. Address signaling . . . . . . . . . . . . . . . . . . . . 10) s
5 432 M
( 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10) s
5 421 M
( 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11) s
5 410 M
( 9. Informative References . . . . . . . . . . . . . . . . . . . 11) s
5 399 M
( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11) s
5 377 M
(1. Introduction) s
5 355 M
( Multipath TCP [RFC6824] uses the TCP options to exchange control) s
5 344 M
( information between the communication hosts. [RFC6824] defines) s
5 333 M
( several new TCP options that are used during the three-way handshake) s
5 322 M
( and the data transfer. Using options is the standard method to) s
5 311 M
( extend the TCP protocol. Unfortunately, the maximum length of the) s
5 300 M
( TCP options field is 40 bytes. This severely limit the utilisation) s
5 289 M
( of options to exchange control information between communicating) s
5 278 M
( hosts. During the three-way handshake, the TCP options space is) s
5 267 M
( further limited by the other TCP options that are also included in) s
5 256 M
( the SYN and SYN+ACK segments. [RFC6824] did its best to minimize the) s
5 245 M
( size of the MP_CAPABLE option inside the SYN and SYN+ACK segments) s
5 234 M
( given the presence of other options \(typically MSS, timestamp,) s
5 223 M
( selective acknowledgements and window scale\). However, this has been) s
5 212 M
( at the cost of a reduced security due to the utilization of security) s
5 201 M
( keys that are too short.) s
5 179 M
( The security requirements for MPTCP ask for a strong authentication) s
5 168 M
( of additional subflows [RFC6181]. Given the restriction in the size) s
5 157 M
( of the MPTCP options, it seems very difficult to provide strong) s
5 146 M
( security by relying only on TCP options that cannot be longer than 40) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 2]) s
_R
S
%%Page: (3) 3
%%BeginPageSetup
_S
18 36 translate
/pagenum 3 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( bytes and are not exchanged reliably. Although a design to overcome) s
5 652 M
( these problems would probably be possible, it would add a lot of) s
5 641 M
( complexity to the protocol.) s
5 619 M
( Furthermore, today's MPTCP control information is sent in an) s
5 608 M
( unreliable manner. This means that control information like MP_PRIO,) s
5 597 M
( ADD_ADDR or REMOVE_ADDRESS might get lost, resulting in potential) s
5 586 M
( suboptimal performance of Multipath TCP.) s
5 564 M
( In this document, we show that another design is possible. Instead) s
5 553 M
( of using only TCP options to exchange control information, we show) s
5 542 M
( how it is possible to define a control stream in parallel with the) s
5 531 M
( data stream that is used to exchange data over the established) s
5 520 M
( subflows. By using this control stream, two MPTCP hosts can reliably) s
5 509 M
( exchange control information without being restricted by TCP option) s
5 498 M
( space. The control stream can be used to exchange cryptographic) s
5 487 M
( material to authenticate the handshake of additional subflows or for) s
5 476 M
( any other purpose.) s
5 454 M
( Together with the control stream, we propose to modify the MPTCP-) s
5 443 M
( handshake so that no crypto information is exchanged within the TCP) s
5 432 M
( options. We suggest to use the control stream instead. Within the) s
5 421 M
( control stream, different key-negotiation schemes can be specified) s
5 410 M
( \(e.g., reuse SSL-key, tcpcrypt-style, Diffie-Hellman,...\)) s
5 388 M
( This document is structured as follows. First, we define how the) s
5 377 M
( control stream can be used within an MPTCP session. Section 3) s
5 366 M
( presents the modified MPTCP handshake of the initial subflow, while) s
5 355 M
( Section 4 specifies the handshake of additional subflows. Section 5) s
5 344 M
( gives some example use-cases for the key negotiation through the) s
5 333 M
( control stream. Finally, Section 6 gives another example on how to) s
5 322 M
( use the control stream to conduct the MPTCP session.) s
5 300 M
(2. The control stream) s
5 278 M
( In contrast with SCTP [RFC4960], TCP and Multipath TCP [RFC6824] only) s
5 267 M
( support one data stream. SCTP uses chunks to allow the communicating) s
5 256 M
( hosts to exchange control information of almost unlimited size. As) s
5 245 M
( explained earlier, having a control stream in Multipath TCP would) s
5 234 M
( enable a reliable delivery of the control information without strict) s
5 223 M
( length limitations.) s
5 201 M
( This section defines a control stream that allows to exchange MPTCP) s
5 190 M
( control information of arbitrary length besides the regular data) s
5 179 M
( stream. The control stream holds data in a TLV-format and thus any) s
5 168 M
( type of data can be added to it. Further, the control stream) s
5 157 M
( provides a reliable and in-order delivery of the control data.) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 3]) s
_R
S
%%Page: (4) 4
%%BeginPageSetup
_S
18 36 translate
/pagenum 4 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( The control stream is sent within the payload of the TCP segments.) s
5 652 M
( This ensures a reliable delivery of the TLVs exchanged in the control) s
5 641 M
( stream. Further, a separate control-sequence number space is defined) s
5 630 M
( for the control stream to ensure in-order delivery of the control) s
5 619 M
( stream. The Initial Control stream Sequence Number \(ICSN\) is the) s
5 608 M
( same as the IDSN in the respective directions. A DSS-mapping is used) s
5 597 M
( within the TCP option space to signal the control stream sequence) s
5 586 M
( numbers as well as a control stream acknowledgement. This DSS-) s
5 575 M
( mapping option is the same as the one defined in [RFC6824]. To) s
5 564 M
( differentiate the control stream from the data stream, we use the) s
5 553 M
( last bit of the 'reserved' field of the MPTCP DSS option. We call) s
5 542 M
( this bit the Stream \(S\) bit. When the DSS option is used to map) s
5 531 M
( regular data, this bit is set to 0. When the DSS option is used to) s
5 520 M
( map one TLV on the control stream, it is set to 1 \(see Figure Figure) s
5 509 M
( 1\)) s
5 487 M
( 1 2 3) s
5 476 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 465 M
( +---------------+---------------+-------+----------------------+) s
5 454 M
( | Kind | Length |Subtype|\(reserved\)|S|F|m|M|a|A|) s
5 443 M
( +---------------+---------------+-------+----------------------+) s
5 432 M
( | Control ACK \(4 or 8 octets, depending on flags\) |) s
5 421 M
( +--------------------------------------------------------------+) s
5 410 M
( |Control sequence number \(4 or 8 octets, depending on flags\) |) s
5 399 M
( +--------------------------------------------------------------+) s
5 388 M
( | Subflow Sequence Number \(4 octets\) |) s
5 377 M
( +-------------------------------+------------------------------+) s
5 366 M
( |Control-Level Length \(2 octets\)| Checksum \(2 octets\) |) s
5 355 M
( +-------------------------------+------------------------------+) s
5 333 M
( The S bit of the 'reserved' field is set to 1 when sending on the) s
5 322 M
( control stream.) s
5 300 M
( Figure 1) s
5 278 M
( The control information exchanged in the control stream is encoded by) s
5 267 M
( using a TLV format, where the type and length are 16-bit values.) s
5 256 M
( This allows for maximum extensibility and to use very long data) s
5 245 M
( within the control stream. The format of the TLV option is shown in) s
5 234 M
( Figure 2) s
5 212 M
( 1 2 3) s
5 201 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 190 M
( +---------------+---------------+-------+----------------------+) s
5 179 M
( | Type | Length |) s
5 168 M
( +---------------+---------------+-------+----------------------+) s
5 157 M
( | Value \(Length - 4\) |) s
5 146 M
( +-------------------------------+------------------------------+) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 4]) s
_R
S
%%Page: (5) 5
%%BeginPageSetup
_S
18 36 translate
/pagenum 5 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( The TLV option format) s
5 641 M
( Figure 2) s
5 619 M
(2.1. Window considerations) s
5 597 M
( MPTCP uses the receive-window to do flow-control at the receiver.) s
5 586 M
( The receive-window within MPTCP is being used at the data sequence) s
5 575 M
( level, however any segment sent on a subflow must obey to the last) s
5 564 M
( window-announcement received on this particular subflow with respect) s
5 553 M
( to the subflow-level sequence number.) s
5 531 M
( The control stream is no different with respect to this last point.) s
5 520 M
( The subflow-sequence numbers used for control stream data must fit) s
5 509 M
( within the window announced over this specific subflow. However, to) s
5 498 M
( avoid issues of receive-window handling at the control stream) s
5 487 M
( sequence number level, a host may never have more than one) s
5 476 M
( unacknowledged TLV-field in-flight. This effectively limits the) s
5 465 M
( amount of memory required to support the control-stream down to 64KB) s
5 454 M
( \(the maximum size of a TLV-field\).) s
5 432 M
( TCP uses the congestion-window to limit the amount of unacknowledged) s
5 421 M
( in-flight data within a TCP connection. The control stream must also) s
5 410 M
( obey to this limitation. As the control stream uses regular TCP) s
5 399 M
( sequence numbers, the congestion-window limitations apply too.) s
5 377 M
(3. Connection initiation) s
5 355 M
( The control stream allows to negotiate the crypto material to) s
5 344 M
( authenticate new subflows. Thus, the handshake of the initial) s
5 333 M
( subflow does not need anymore to send the 64-bit key in plaintext.) s
5 322 M
( The suggested modification to the initial handshake is detailled in) s
5 311 M
( this section.) s
5 289 M
( MultiPath TCP uses the MP_CAPABLE option in the handshake for the) s
5 278 M
( initial subflow. This handshake was designed to meet several) s
5 267 M
( requirements. When designing another variant of the Multipath TCP) s
5 256 M
( handshake, it is important to have these requirements in mind. These) s
5 245 M
( requirements are :) s
5 223 M
( 1. Detect whether the peer supports MultiPath TCP.) s
5 201 M
( 2. Exchange locally unique tokens that unambiguously identify the) s
5 190 M
( Multipath TCP connection) s
5 168 M
( 3. Agree on an Initial Data Sequence Number to initialize the MPTCP) s
5 157 M
( state on each direction of the Multipath TCP connection) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 5]) s
_R
S
%%Page: (6) 6
%%BeginPageSetup
_S
18 36 translate
/pagenum 6 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( Before discussing the proposed handshake, it is important to have in) s
5 652 M
( mind how [RFC6824] meets the three requirements above.) s
5 630 M
( The first requirement is simply met by using a Multipath TCP specific) s
5 619 M
( option, like all TCP extensions.) s
5 597 M
( To meet the second requirement, a simple solution would have been to) s
5 586 M
( encode the token inside the MP_CAPABLE option. However, this would) s
5 575 M
( have increased its size. This would have limited the possibility of) s
5 564 M
( extending Multipath TCP later by adding new TCP options that require) s
5 553 M
( space inside the SYN segments. To minimize the number of option) s
5 542 M
( bytes consummed in the SYN segment, [RFC6824] uses a hash function to) s
5 531 M
( compute the token based on the keys exchanged in clear. However,) s
5 520 M
( using hash functions implies that implementations must handle the) s
5 509 M
( possible collisions which increases the complexity of implementing) s
5 498 M
( the Multipath TCP handshake.) s
5 476 M
( In this document we suggest a simplified handshake that meets the) s
5 465 M
( above three goals. This simplified handshake avoids negotiating the) s
5 454 M
( crypto-material during the three-way handshake. Instead, security) s
5 443 M
( information is exchanged reliably by relying on the control stream.) s
5 432 M
( The figure below provides an overview of the proposed handshake.) s
5 410 M
( Host A Host B) s
5 399 M
( ---------- ----------) s
5 388 M
( Address A1 Address B1) s
5 377 M
( ---------- ----------) s
5 366 M
( | |) s
5 355 M
( | SYN+MP_CAPABLE\(Token-A\) |) s
5 344 M
( |----------------------------------->|) s
5 333 M
( | |) s
5 322 M
( |SYN/ACK+MP_CAPABLE\(Token-B\) |) s
5 311 M
( |<-----------------------------------|) s
5 300 M
( | |) s
5 289 M
( | ACK+MP_CAPABLE\(Token-A, Token-B\) |) s
5 278 M
( | |) s
5 267 M
( |----------------------------------->|) s
5 245 M
( Handshake of the initial subflow.) s
5 223 M
( Figure 3) s
5 201 M
( MPTCP's establishment of the initial subflow follows TCP's regular) s
5 190 M
( 3-way handshake, but the SYN, SYN/ACK and ACK packets contain the) s
5 179 M
( MP_CAPABLE-option. The proposed MP_CAPABLE option contains one 32) s
5 168 M
( bits token in the SYN and SYN/ACK segments. The third ACK includes) s
5 157 M
( an MP_CAPABLE option that contains the two tokens. Echoing all the) s
5 146 M
( information back in the third ACK allows stateless operation of the) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 6]) s
_R
S
%%Page: (7) 7
%%BeginPageSetup
_S
18 36 translate
/pagenum 7 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( server. The tokens are used to explicitly exchange the identifiers) s
5 652 M
( of the Multipath TCP connection.) s
5 630 M
( It is required that the server, upon reception of the SYN generates a) s
5 619 M
( token different from the client's token. This is necessary to) s
5 608 M
( protect against reflection attacks when establishing additional) s
5 597 M
( subflows.) s
5 575 M
( The format of the proposed MP_CAPABLE option is proposed in the) s
5 564 M
( figures below.) s
5 542 M
( 1 2 3) s
5 531 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 520 M
( +---------------+---------------+-------+-------+---------------+) s
5 509 M
( | Kind | Length |Subtype|Version|A|B|C|D|E|F|G|H|) s
5 498 M
( +---------------+---------------+-------+-------+---------------+) s
5 487 M
( | Sender's Token \(32 bits\) |) s
5 476 M
( +---------------------------------------------------------------+) s
5 454 M
( Format of the MP_CAPABLE-option in the SYN and SYN/ACK packets) s
5 432 M
( Figure 4) s
5 410 M
( 1 2 3) s
5 399 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 388 M
( +---------------+---------------+-------+-------+---------------+) s
5 377 M
( | Kind | Length |Subtype|Version|A|B|C|D|E|F|G|H|) s
5 366 M
( +---------------+---------------+-------+-------+---------------+) s
5 355 M
( | Sender's Token \(32 bits\) |) s
5 344 M
( +---------------------------------------------------------------+) s
5 333 M
( | Receiver's Token \(32 bits\) |) s
5 322 M
( +---------------------------------------------------------------+) s
5 300 M
( Format of the MP_CAPABLE-option in the third ACK of the handshake) s
5 278 M
( Figure 5) s
5 256 M
( The format of the MP_CAPABLE option is shown in Figure 4. To) s
5 245 M
( indicate that this MP_CAPABLE contains tokens numbers and not keys) s
5 234 M
( \(as in [RFC6824]\), the Version-field is set to 1. The message format) s
5 223 M
( of the third ACK's MP_CAPABLE option is show in Figure 5.) s
5 201 M
( The Initial Data Sequence Number \(IDSN\) serves to initialize the) s
5 190 M
( MPTCP state on the end-hosts in the same way as TCP's sequence) s
5 179 M
( numbers do during the 3-way handshake. There is one IDSN for each) s
5 168 M
( direction of the data-stream. The IDSN for the data from the client) s
5 157 M
( to the server is the 64 low-order bits of the hash \(SHA1\) of the) s
5 146 M
( concatenation of the tokens \(Token-A || Token-B\). For the data from) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 7]) s
_R
S
%%Page: (8) 8
%%BeginPageSetup
_S
18 36 translate
/pagenum 8 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( server to client, the IDSN is 64 low-order bits of the hash \(SHA1\) of) s
5 652 M
( the reverse concatenation \(Token-B || Token-A\). The tokens should be) s
5 641 M
( generated with sufficient randomness so that they are hard to guess.) s
5 630 M
( Recommendations for generating random numbers are given in [RFC4086].) s
5 608 M
( The meaning of the other fields and behavior of the end-hosts during) s
5 597 M
( the MP_CAPABLE exchange is the same as specified in [RFC6824].) s
5 575 M
(4. Starting a new subflow) s
5 553 M
( The handshake for the establishment of a new subflow is similar to) s
5 542 M
( the one specified in [RFC6824]. There are three important) s
5 531 M
( differences. First, the HMAC is computed by using the keys) s
5 520 M
( negotiated over the control stream. Second, the token and the) s
5 509 M
( client's random numbers are included inside the third ack to allow) s
5 498 M
( stateless operation of the passive opener of an additional subflow.) s
5 487 M
( Finally, the token is used within the message of the HMAC. This) s
5 476 M
( protects against reflection attacks, as the HMAC cannot be sent in) s
5 465 M
( the reverse direction anymore, because the tokens are ensured to be) s
5 454 M
( different on both end-hosts.) s
5 432 M
( Host A Host B) s
5 421 M
( ---------- ----------) s
5 410 M
( Address A2 Address B2) s
5 399 M
( ---------- ----------) s
5 388 M
( | |) s
5 377 M
( | SYN + MP_JOIN\(Token-B, R-A\) |) s
5 366 M
( |------------------------------------->|) s
5 355 M
( | |) s
5 344 M
( | SYN/ACK + MP_JOIN\(HMAC-B, R-B\) |) s
5 333 M
( |<-------------------------------------|) s
5 322 M
( | |) s
5 311 M
( | ACK + MP_JOIN\(Token-B, R-A, HMAC-A\) |) s
5 300 M
( |------------------------------------->|) s
5 278 M
( HMAC-A = HMAC\(Key, Msg=\(Token-B+R-A+R-B\)\)) s
5 267 M
( HMAC-B = HMAC\(Key, Msg=\(Token-B+R-B+R-A\)\)) s
5 245 M
( Handshake of a new subflow.) s
5 223 M
( Figure 6) s
5 201 M
( In order to allow the Token-B and R-A inside the third ack, the) s
5 190 M
( HMAC-A must also be a truncated version of the 160-bit HMAC-SHA1.) s
5 179 M
( Thus, HMAC-A is the truncated \(leftmost 128 bits\) of the HMAC as) s
5 168 M
( shown in Figure 6.) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 8]) s
_R
S
%%Page: (9) 9
%%BeginPageSetup
_S
18 36 translate
/pagenum 9 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( The message-format of the MP_JOIN-option in the SYN and the SYN/ACK) s
5 652 M
( is the same as in [RFC6824]. As the third ACK includes the Token and) s
5 641 M
( the random nonce, the MP_JOIN message format of the third ack is as) s
5 630 M
( shown in Figure 7. The length of the MP_JOIN-option in the third ACK) s
5 619 M
( is 28 bytes. Thus, there remains enough space to insert the) s
5 608 M
( timestamp option in the third ACK.) s
5 586 M
( 1 2 3) s
5 575 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 564 M
( +---------------+---------------+-------+-------+---------------+) s
5 553 M
( | Kind | Length |Subtype| |B| Address ID |) s
5 542 M
( +---------------+---------------+-------+-------+---------------+) s
5 531 M
( | |) s
5 520 M
( | Sender's Truncated HMAC \(128 bits\) |) s
5 509 M
( | |) s
5 498 M
( +---------------------------------------------------------------+) s
5 487 M
( | Sender's Random Number \(32 bits\) |) s
5 476 M
( +---------------------------------------------------------------+) s
5 465 M
( | Receiver's Token \(32 bits\) |) s
5 454 M
( +---------------------------------------------------------------+) s
5 432 M
( Format of the MP_JOIN-option) s
5 410 M
( Figure 7) s
5 388 M
( The semantics of the backup-bit "B" and the Address ID are the same) s
5 377 M
( as in [RFC6824].) s
5 355 M
(5. Examples of key negotiation through the control stream) s
5 333 M
( The control stream's primary goal is to negotiate the crypto-material) s
5 322 M
( to authenticate additional subflows. Both hosts must agree on which) s
5 311 M
( key-negotiation scheme to use over the control stream. The option) s
5 300 M
( "key select" of the control stream is of type 1 and it negotiates the) s
5 289 M
( available key-negotiation schemes. The value-field of the "key) s
5 278 M
( select"-option contains a bitmask of available key-negotiation) s
5 267 M
( schemes. The bitmask remains to be defined as the schemes are being) s
5 256 M
( defined. The bits within the bitmask are numbered, starting from the) s
5 245 M
( leftmost as being '1'.) s
5 223 M
( The key-select must be initiated by one host and answered by the) s
5 212 M
( other one. During the initiation, the host offers the available) s
5 201 M
( schemes, and the answering host selects one of the offered ones. The) s
5 190 M
( hosts need thus to ensure an order among themself of who initiates) s
5 179 M
( the "key select" option. A possibility would be that the host with) s
5 168 M
( the smaller token initiates the "key select" option.) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 9]) s
_R
S
%%Page: (10) 10
%%BeginPageSetup
_S
18 36 translate
/pagenum 10 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
( The following are examples of how the control stream could be used to) s
5 652 M
( negotiate the cryptographic material. A proper specification is) s
5 641 M
( probably needed for each of them.) s
5 619 M
(5.1. Reusing the application's TLS key) s
5 597 M
( Within the "key select"-option, this negotiation scheme takes the bit) s
5 586 M
( number 1. It signals to the peer that the connection should use a) s
5 575 M
( derivate of TLS's master key to authenticate new subflows with this) s
5 564 M
( "MPTCP key". It is required that indeed TLS is being used within the) s
5 553 M
( data stream.) s
5 531 M
( As TLS allows to modify the key being used during a TLS session, the) s
5 520 M
( control stream might be used to ensure that both end hosts agree on) s
5 509 M
( the "MPTCP key" being used at a specific moment in time through the) s
5 498 M
( exchange of the hash of the "MPTCP key".) s
5 476 M
(5.2. TLS-like key exchange) s
5 454 M
( It enables a key-negotiation in an TLS-like manner, thus) s
5 443 M
( authenticating the client/server through a certificate.) s
5 421 M
(5.3. Tcpcrypt-like key exchange) s
5 399 M
( It uses the control stream, to exchange a secret key in a tcpcrypt-) s
5 388 M
( like manner. Optionally, it may include a data-sequence number to) s
5 377 M
( define from which moment on the data stream should be encrypted.) s
5 355 M
(6. Other example use cases of the control stream) s
5 333 M
( This shows one example of how the control stream can be used within) s
5 322 M
( MPTCP.) s
5 300 M
(6.1. Address signaling) s
5 278 M
( In RFC6824, the address-signaling is achieved through the ADD_ADDRESS) s
5 267 M
( and REMOVE_ADDRESS options. These options are sent within the TCP) s
5 256 M
( options-space and thus do not benefit from reliable delivery.) s
5 245 M
( Further, security-concerns have rosen concerning the ADD_ADDRESS-) s
5 234 M
( option. Using the control stream to signal the addition or removal) s
5 223 M
( of addresses allows to make these options reliable and provides the) s
5 212 M
( space to add any kind of cryptographic material to enhance their) s
5 201 M
( security.) s
5 179 M
(7. Security Considerations) s
5 157 M
( TBD) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 10]) s
_R
S
%%Page: (11) 11
%%BeginPageSetup
_S
18 36 translate
/pagenum 11 def
/fname (draft-paasch-mptcp-control-stream-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-control-stream-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP Control Stream February 2014) s
5 663 M
(8. Acknowledgments) s
5 641 M
( This work is supported by the European FP7 Project "Trilogy2" under) s
5 630 M
( grant agreement 317756.) s
5 608 M
(9. Informative References) s
5 586 M
( [RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness) s
5 575 M
( Requirements for Security", BCP 106, RFC 4086, June 2005.) s
5 553 M
( [RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC) s
5 542 M
( 4960, September 2007.) s
5 520 M
( [RFC6181] Bagnulo, M., "Threat Analysis for TCP Extensions for) s
5 509 M
( Multipath Operation with Multiple Addresses", RFC 6181,) s
5 498 M
( March 2011.) s
5 476 M
( [RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,) s
5 465 M
( "TCP Extensions for Multipath Operation with Multiple) s
5 454 M
( Addresses", RFC 6824, January 2013.) s
5 432 M
(Authors' Addresses) s
5 410 M
( Christoph Paasch) s
5 399 M
( UCLouvain) s
5 388 M
( Place Sainte Barbe, 2) s
5 377 M
( Louvain-la-Neuve 1348) s
5 366 M
( BE) s
5 344 M
( Email: christoph.paasch@uclouvain.be) s
5 311 M
( Olivier Bonaventure) s
5 300 M
( UCLouvain) s
5 289 M
( Place Sainte Barbe, 2) s
5 278 M
( Louvain-la-Neuve 1348) s
5 267 M
( BE) s
5 245 M
( Email: olivier.bonaventure@uclouvain.be) s
5 102 M
(Paasch & Bonaventure Expires August 15, 2014 [Page 11]) s
_R
S
%%Trailer
%%Pages: 11
%%DocumentNeededResources: font Courier-Bold Courier
%%EOF
| PAFTECH AB 2003-2026 | 2026-04-23 21:54:58 |