One document matched: draft-paasch-mptcp-ssl-00.ps
%!PS-Adobe-3.0
%%BoundingBox: 18 36 594 756
%%Title: Enscript Output
%%Creator: GNU Enscript 1.6.5.90
%%CreationDate: Mon Oct 15 13:45:22 2012
%%Orientation: Portrait
%%Pages: (atend)
%%DocumentMedia: Letter 612 792 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginResource: procset Enscript-Prolog 1.6.5 90
%
% Procedures.
%
/_S { % save current state
/_s save def
} def
/_R { % restore from saved state
_s restore
} def
/S { % showpage protecting gstate
gsave
showpage
grestore
} bind def
/MF { % fontname newfontname -> - make a new encoded font
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
% insert only valid encoding vectors
encoding_vector length 256 eq {
newfont /Encoding encoding_vector put
} if
newfontname newfont definefont pop
} def
/MF_PS { % fontname newfontname -> - make a new font preserving its enc
/newfontname exch def
/fontname exch def
/fontdict fontname findfont def
/newfont fontdict maxlength dict def
fontdict {
exch
dup /FID eq {
% skip FID pair
pop pop
} {
% copy to the new font dictionary
exch newfont 3 1 roll put
} ifelse
} forall
newfont /FontName newfontname put
newfontname newfont definefont pop
} def
/SF { % fontname width height -> - set a new font
/height exch def
/width exch def
findfont
[width 0 0 height 0 0] makefont setfont
} def
/SUF { % fontname width height -> - set a new user font
/height exch def
/width exch def
/F-gs-user-font MF
/F-gs-user-font width height SF
} def
/SUF_PS { % fontname width height -> - set a new user font preserving its enc
/height exch def
/width exch def
/F-gs-user-font MF_PS
/F-gs-user-font width height SF
} def
/M {moveto} bind def
/s {show} bind def
/Box { % x y w h -> - define box path
/d_h exch def /d_w exch def /d_y exch def /d_x exch def
d_x d_y moveto
d_w 0 rlineto
0 d_h rlineto
d_w neg 0 rlineto
closepath
} def
/bgs { % x y height blskip gray str -> - show string with bg color
/str exch def
/gray exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
gsave
x y blskip sub str stringwidth pop height Box
gray setgray
fill
grestore
x y M str s
} def
/bgcs { % x y height blskip red green blue str -> - show string with bg color
/str exch def
/blue exch def
/green exch def
/red exch def
/blskip exch def
/height exch def
/y exch def
/x exch def
gsave
x y blskip sub str stringwidth pop height Box
red green blue setrgbcolor
fill
grestore
x y M str s
} def
% Highlight bars.
/highlight_bars { % nlines lineheight output_y_margin gray -> -
gsave
setgray
/ymarg exch def
/lineheight exch def
/nlines exch def
% This 2 is just a magic number to sync highlight lines to text.
0 d_header_y ymarg sub 2 sub translate
/cw d_output_w cols div def
/nrows d_output_h ymarg 2 mul sub lineheight div cvi def
% for each column
0 1 cols 1 sub {
cw mul /xp exch def
% for each rows
0 1 nrows 1 sub {
/rn exch def
rn lineheight mul neg /yp exch def
rn nlines idiv 2 mod 0 eq {
% Draw highlight bar. 4 is just a magic indentation.
xp 4 add yp cw 8 sub lineheight neg Box fill
} if
} for
} for
grestore
} def
% Line highlight bar.
/line_highlight { % x y width height gray -> -
gsave
/gray exch def
Box gray setgray fill
grestore
} def
% Column separator lines.
/column_lines {
gsave
.1 setlinewidth
0 d_footer_h translate
/cw d_output_w cols div def
1 1 cols 1 sub {
cw mul 0 moveto
0 d_output_h rlineto stroke
} for
grestore
} def
% Column borders.
/column_borders {
gsave
.1 setlinewidth
0 d_footer_h moveto
0 d_output_h rlineto
d_output_w 0 rlineto
0 d_output_h neg rlineto
closepath stroke
grestore
} def
% Do the actual underlay drawing
/draw_underlay {
ul_style 0 eq {
ul_str true charpath stroke
} {
ul_str show
} ifelse
} def
% Underlay
/underlay { % - -> -
gsave
0 d_page_h translate
d_page_h neg d_page_w atan rotate
ul_gray setgray
ul_font setfont
/dw d_page_h dup mul d_page_w dup mul add sqrt def
ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto
draw_underlay
grestore
} def
/user_underlay { % - -> -
gsave
ul_x ul_y translate
ul_angle rotate
ul_gray setgray
ul_font setfont
0 0 ul_h_ptsize 2 div sub moveto
draw_underlay
grestore
} def
% Page prefeed
/page_prefeed { % bool -> -
statusdict /prefeed known {
statusdict exch /prefeed exch put
} {
pop
} ifelse
} def
% Wrapped line markers
/wrapped_line_mark { % x y charwith charheight type -> -
/type exch def
/h exch def
/w exch def
/y exch def
/x exch def
type 2 eq {
% Black boxes (like TeX does)
gsave
0 setlinewidth
x w 4 div add y M
0 h rlineto w 2 div 0 rlineto 0 h neg rlineto
closepath fill
grestore
} {
type 3 eq {
% Small arrows
gsave
.2 setlinewidth
x w 2 div add y h 2 div add M
w 4 div 0 rlineto
x w 4 div add y lineto stroke
x w 4 div add w 8 div add y h 4 div add M
x w 4 div add y lineto
w 4 div h 8 div rlineto stroke
grestore
} {
% do nothing
} ifelse
} ifelse
} def
% EPSF import.
/BeginEPSF {
/b4_Inc_state save def % Save state for cleanup
/dict_count countdictstack def % Count objects on dict stack
/op_count count 1 sub def % Count objects on operand stack
userdict begin
/showpage { } def
0 setgray 0 setlinecap
1 setlinewidth 0 setlinejoin
10 setmiterlimit [ ] 0 setdash newpath
/languagelevel where {
pop languagelevel
1 ne {
false setstrokeadjust false setoverprint
} if
} if
} bind def
/EndEPSF {
count op_count sub { pos } repeat % Clean up stacks
countdictstack dict_count sub { end } repeat
b4_Inc_state restore
} bind def
% Check PostScript language level.
/languagelevel where {
pop /gs_languagelevel languagelevel def
} {
/gs_languagelevel 1 def
} ifelse
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6.5 90
/encoding_vector [
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclam /quotedbl /numbersign
/dollar /percent /ampersand /quoteright
/parenleft /parenright /asterisk /plus
/comma /hyphen /period /slash
/zero /one /two /three
/four /five /six /seven
/eight /nine /colon /semicolon
/less /equal /greater /question
/at /A /B /C
/D /E /F /G
/H /I /J /K
/L /M /N /O
/P /Q /R /S
/T /U /V /W
/X /Y /Z /bracketleft
/backslash /bracketright /asciicircum /underscore
/quoteleft /a /b /c
/d /e /f /g
/h /i /j /k
/l /m /n /o
/p /q /r /s
/t /u /v /w
/x /y /z /braceleft
/bar /braceright /tilde /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef
/space /exclamdown /cent /sterling
/currency /yen /brokenbar /section
/dieresis /copyright /ordfeminine /guillemotleft
/logicalnot /hyphen /registered /macron
/degree /plusminus /twosuperior /threesuperior
/acute /mu /paragraph /bullet
/cedilla /onesuperior /ordmasculine /guillemotright
/onequarter /onehalf /threequarters /questiondown
/Agrave /Aacute /Acircumflex /Atilde
/Adieresis /Aring /AE /Ccedilla
/Egrave /Eacute /Ecircumflex /Edieresis
/Igrave /Iacute /Icircumflex /Idieresis
/Eth /Ntilde /Ograve /Oacute
/Ocircumflex /Otilde /Odieresis /multiply
/Oslash /Ugrave /Uacute /Ucircumflex
/Udieresis /Yacute /Thorn /germandbls
/agrave /aacute /acircumflex /atilde
/adieresis /aring /ae /ccedilla
/egrave /eacute /ecircumflex /edieresis
/igrave /iacute /icircumflex /idieresis
/eth /ntilde /ograve /oacute
/ocircumflex /otilde /odieresis /divide
/oslash /ugrave /uacute /ucircumflex
/udieresis /yacute /thorn /ydieresis
] def
%%EndResource
%%EndProlog
%%BeginSetup
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier
/HFpt_w 10 def
/HFpt_h 10 def
/Courier-Bold /HF-gs-font MF
/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def
/Courier /F-gs-font MF
/F-gs-font 10 10 SF
/#copies 1 def
% Pagedevice definitions:
gs_languagelevel 1 gt {
<<
/PageSize [612 792]
>> setpagedevice
} if
/d_page_w 576 def
/d_page_h 720 def
/d_header_x 0 def
/d_header_y 720 def
/d_header_w 576 def
/d_header_h 0 def
/d_footer_x 0 def
/d_footer_y 0 def
/d_footer_w 576 def
/d_footer_h 0 def
/d_output_w 576 def
/d_output_h 720 def
/cols 1 def
%%EndSetup
%%Page: (1) 1
%%BeginPageSetup
_S
18 36 translate
/pagenum 1 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 674 M
(MPTCP C. Paasch, Ed.) s
5 663 M
(Internet-Draft O. Bonaventure) s
5 652 M
(Intended status: Informational UCLouvain) s
5 641 M
(Expires: April 18, 2013 October 15, 2012) s
5 608 M
( Securing the MultiPath TCP handshake with external keys) s
5 597 M
( draft-paasch-mptcp-ssl-00) s
5 575 M
(Abstract) s
5 553 M
( Multipath TCP currently relies on the exchange of keys in clear) s
5 542 M
( during the initial handshake to authenticate the establishment of) s
5 531 M
( additional subflows. This document proposes a variant of the) s
5 520 M
( Multipath TCP handshake that allows Multipath TCP to reuse keys) s
5 509 M
( negotiated by the Application layer protocol above it such as SSL/TLS) s
5 498 M
( to authenticate the establishment of additional subflows.) s
5 476 M
(Status of this Memo) s
5 454 M
( This Internet-Draft is submitted in full conformance with the) s
5 443 M
( provisions of BCP 78 and BCP 79.) s
5 421 M
( Internet-Drafts are working documents of the Internet Engineering) s
5 410 M
( Task Force \(IETF\). Note that other groups may also distribute) s
5 399 M
( working documents as Internet-Drafts. The list of current Internet-) s
5 388 M
( Drafts is at http://datatracker.ietf.org/drafts/current/.) s
5 366 M
( Internet-Drafts are draft documents valid for a maximum of six months) s
5 355 M
( and may be updated, replaced, or obsoleted by other documents at any) s
5 344 M
( time. It is inappropriate to use Internet-Drafts as reference) s
5 333 M
( material or to cite them other than as "work in progress.") s
5 311 M
( This Internet-Draft will expire on April 18, 2013.) s
5 289 M
(Copyright Notice) s
5 267 M
( Copyright \(c\) 2012 IETF Trust and the persons identified as the) s
5 256 M
( document authors. All rights reserved.) s
5 234 M
( This document is subject to BCP 78 and the IETF Trust's Legal) s
5 223 M
( Provisions Relating to IETF Documents) s
5 212 M
( \(http://trustee.ietf.org/license-info\) in effect on the date of) s
5 201 M
( publication of this document. Please review these documents) s
5 190 M
( carefully, as they describe your rights and restrictions with respect) s
5 179 M
( to this document. Code Components extracted from this document must) s
5 168 M
( include Simplified BSD License text as described in Section 4.e of) s
5 157 M
( the Trust Legal Provisions and are provided without warranty as) s
5 113 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 1]) s
_R
S
%%Page: (2) 2
%%BeginPageSetup
_S
18 36 translate
/pagenum 2 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
( described in the Simplified BSD License.) s
5 630 M
(Table of Contents) s
5 608 M
( 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3) s
5 597 M
( 2. Connection initiation . . . . . . . . . . . . . . . . . . . . . 3) s
5 586 M
( 3. Multipath TCP API . . . . . . . . . . . . . . . . . . . . . . . 4) s
5 575 M
( 4. Starting a new subflow . . . . . . . . . . . . . . . . . . . . 4) s
5 564 M
( 5. Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . 6) s
5 553 M
( 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7) s
5 542 M
( 7. Informative References . . . . . . . . . . . . . . . . . . . . 7) s
5 531 M
( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 2]) s
_R
S
%%Page: (3) 3
%%BeginPageSetup
_S
18 36 translate
/pagenum 3 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
(1. Introduction) s
5 641 M
( Multipath TCP is an extension to TCP that enables hosts to use) s
5 630 M
( multiple paths to exchange data for a single connection.) s
5 619 M
( [I-D.ietf-mptcp-multiaddressed] describes the current design of the) s
5 608 M
( Multipath TCP protocol. The design of Multipath TCP has been) s
5 597 M
( influenced by various factors including the backward compatibility) s
5 586 M
( with regular TCP, the fallback to TCP when middleboxes interfere with) s
5 575 M
( the Multipath TCP options, ... The design of Multipath TCP has also) s
5 564 M
( been affected by security requirements. The security threats against) s
5 553 M
( Multipath TCP are documented in [RFC6181]. Multipath TCP aims at) s
5 542 M
( being no worse than TCP from a security viewpoint. Other approaches) s
5 531 M
( such as [I-D.bittau-tcp-crypt] or [RFC5925] have been proposed to) s
5 520 M
( reduce the vulnerability of TCP to attacks. Multipath TCP currently) s
5 509 M
( addresses the security threats identified in [RFC6181] by exchanging) s
5 498 M
( keys during the handshake for the initial subflow. These keys are) s
5 487 M
( then used to generate HMACs to authenticate the establishment of) s
5 476 M
( subsequent TCP subflows. Exchanging keys in clear during the initial) s
5 465 M
( handshake has obvious shortcomings from a security viewpoint.) s
5 454 M
( However, some application-layer protocols like SSL/TLS or ssh already) s
5 443 M
( negotiate a shared key between the end-points. In this document we) s
5 432 M
( propose a modification to the handshake used by Multipath TCP for the) s
5 421 M
( initial and subsequent subflows that enables Multipath TCP to rely on) s
5 410 M
( an application-supplied key to authenticate the establishment of the) s
5 399 M
( subflows.) s
5 366 M
(2. Connection initiation) s
5 344 M
( The handshake of the initial subflow is a small variation to the) s
5 333 M
( handshake of [I-D.ietf-mptcp-multiaddressed] or) s
5 322 M
( draft-paasch-mptcp-lowoverhead-00. The header of the MP_CAPABLE) s
5 311 M
( option of these two MPTCP-versions has the format as shown in the) s
5 300 M
( below figure.) s
5 278 M
( 1 2 3) s
5 267 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 256 M
( +---------------+---------------+-------+-------+---------------+) s
5 245 M
( | Kind | Length |Subtype|Version|A|B|C|D|E|F|G|H|) s
5 234 M
( +---------------+---------------+-------+-------+---------------+) s
5 212 M
( Header of the MP_CAPABLE option) s
5 190 M
( Figure 1) s
5 168 M
( We propose to use the B bit in this option to indicate whether the) s
5 157 M
( host that sent the MP_CAPABLE option will use an application supplied) s
5 146 M
( key to authenticate the additional subflows or not. When the B bit) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 3]) s
_R
S
%%Page: (4) 4
%%BeginPageSetup
_S
18 36 translate
/pagenum 4 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
( is set, it indicates that the authentication key is supplied by the) s
5 652 M
( application. If the B bit has not been set in both directions, the) s
5 641 M
( authentication mechanism is used as defined by the MPTCP version) s
5 630 M
( \([I-D.ietf-mptcp-multiaddressed] or) s
5 619 M
( draft-paasch-mptcp-lowoverhead-00\).) s
5 597 M
( In MPTCP version 0, even if the B bit is set the end-hosts still have) s
5 586 M
( to generate a key that fulfills the requirements as defined in MPTCP) s
5 575 M
( version 0. This is necessary to handle the case where the client) s
5 564 M
( supports the B bit, but the server not yet. For a more in-depth) s
5 553 M
( analysis of this kind of deployment scenario, have a look at) s
5 542 M
( Section 5.) s
5 520 M
( By using the same handshake as draft-paasch-mptcp-lowoverhead-00, the) s
5 509 M
( proposed handshake can also benefit from the lower overhead for) s
5 498 M
( generating the token and thus the faster establishment of the initial) s
5 487 M
( subflow.) s
5 454 M
(3. Multipath TCP API) s
5 432 M
( The proposed mechanism requires an interaction between the) s
5 421 M
( application and the MPTCP layer. This can be achieved by the means) s
5 410 M
( of socket options. Two socket options are necessary:) s
5 388 M
( o MPTCP_ENABLE_APP_KEY : This socket option tells the socket layer) s
5 377 M
( that an application supplied key will be used to secure the) s
5 366 M
( establishement of additional subflows. This socket option MUST be) s
5 355 M
( used before establishing the initial subflow, or before starting) s
5 344 M
( to listen on a socket to accept new connections. When this socket) s
5 333 M
( option is used, the MP_CAPABLE option is sent with the "B"-bit set) s
5 322 M
( to 1.) s
5 300 M
( o MPTCP_KEY : This socket option allows the application to provide a) s
5 289 M
( key to the MPTCP layer. Both end-points MUST use this socket) s
5 278 M
( option in order to allow the MPTCP-layer to create new subflows.) s
5 267 M
( It is up to the application to negotiate the key between the end-) s
5 256 M
( points. E.g., in the case of SSL/TLS, the key can be a hash of) s
5 245 M
( the shared secret that has been negotiated with the SSL exchange.) s
5 234 M
( Separate documents will describe in details how applications such) s
5 223 M
( as TLS or SSH can pass a shared secret to Multipath TCP by using) s
5 212 M
( this option.) s
5 179 M
(4. Starting a new subflow) s
5 157 M
( The handshake for the establishment of a new subflow is similar to) s
5 146 M
( the one specified in [I-D.ietf-mptcp-multiaddressed]. There are two) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 4]) s
_R
S
%%Page: (5) 5
%%BeginPageSetup
_S
18 36 translate
/pagenum 5 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
( important differences. First, the HMAC is computed by using the keys) s
5 652 M
( provided by the application. Second, the token and the client's) s
5 641 M
( random number are included inside the third ack to allow stateless) s
5 630 M
( operation of the passive opener of an additional subflow.) s
5 608 M
( Host A Host B) s
5 597 M
( ---------- ----------) s
5 586 M
( Address A2 Address B2) s
5 575 M
( ---------- ----------) s
5 564 M
( | |) s
5 553 M
( | SYN + MP_JOIN\(Token-B, R-A\) |) s
5 542 M
( |------------------------------------->|) s
5 531 M
( | |) s
5 520 M
( | SYN/ACK + MP_JOIN\(HMAC-B, R-B\) |) s
5 509 M
( |<-------------------------------------|) s
5 498 M
( | |) s
5 487 M
( | ACK + MP_JOIN\(Token-B, R-A, HMAC-A\) |) s
5 476 M
( |------------------------------------->|) s
5 454 M
( HMAC-A = HMAC\(Key, Msg=\(R-A+R-B\)\)) s
5 443 M
( HMAC-B = HMAC\(Key, Msg=\(R-B+R-A\)\)) s
5 421 M
( Handshake of a new subflow.) s
5 399 M
( Figure 2) s
5 377 M
( In order to allow the Token-B and R-A inside the third ack, the) s
5 366 M
( HMAC-A must also be a truncated version of the 160-bit HMAC-SHA1.) s
5 355 M
( Thus, HMAC-A is the truncated \(leftmost 128 bits\) of the HMAC as) s
5 344 M
( shown in Figure 2.) s
5 322 M
( The message-format of the MP_JOIN-option in the SYN and the SYN/ACK) s
5 311 M
( is the same as in [I-D.ietf-mptcp-multiaddressed]. As the third ACK) s
5 300 M
( includes the Token and the random nonce, the MP_JOIN message format) s
5 289 M
( of the third ack is as show in Figure 3. The length of the MP_JOIN-) s
5 278 M
( option in the third ACK is 28 bytes. There remains thus enough space) s
5 267 M
( to insert the timestamp option in the third ACK.) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 5]) s
_R
S
%%Page: (6) 6
%%BeginPageSetup
_S
18 36 translate
/pagenum 6 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
( 1 2 3) s
5 652 M
( 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1) s
5 641 M
( +---------------+---------------+-------+-------+---------------+) s
5 630 M
( | Kind | Length |Subtype| |B| Address ID |) s
5 619 M
( +---------------+---------------+-------+-------+---------------+) s
5 608 M
( | |) s
5 597 M
( | Sender's Truncated HMAC \(128 bits\) |) s
5 586 M
( | |) s
5 575 M
( +---------------------------------------------------------------+) s
5 564 M
( | Sender's Random Number \(32 bits\) |) s
5 553 M
( +---------------------------------------------------------------+) s
5 542 M
( | Receiver's Token \(32 bits\) |) s
5 531 M
( +---------------------------------------------------------------+) s
5 509 M
( Format of the MP_JOIN-option) s
5 487 M
( Figure 3) s
5 465 M
( The semantics of the backup-bit "B" and the Address ID are the same) s
5 454 M
( as in [I-D.ietf-mptcp-multiaddressed].) s
5 421 M
(5. Deployment) s
5 399 M
( This proposed mechanism assumes that the application uses new socket-) s
5 388 M
( options to provide the key to the MPTCP-layer. Thus, the first) s
5 377 M
( requirement for deploying this MPTCP handshake is that the TLS/) s
5 366 M
( SSL-layer has been modified. There may of course be scenarios, where) s
5 355 M
( the client is supporting the proposed solution, but the server not.) s
5 344 M
( Thus, the client sends out the MP_CAPABLE with the B bit set, but the) s
5 333 M
( server replies without enabling the B bit. Upon reception of the) s
5 322 M
( SYN/ACK, it is up to the client's policy how to react. It can either) s
5 311 M
( continue with the negotiated version of MPTCP but without using the) s
5 300 M
( key from the application or fallback to regular TCP.) s
5 278 M
( The applications will have to pass the shared key to the MPTCP-layer) s
5 267 M
( by the means of a socket-option. It may be that the client's) s
5 256 M
( application has already done the call to the socket-option but the) s
5 245 M
( server's application not yet. The server will receive a SYN with the) s
5 234 M
( MP_JOIN-option, without knowing the key. In that case the server) s
5 223 M
( should silently drop the SYN. The TCP retransmission mechanism on) s
5 212 M
( the client-side will retransmit the SYN after the initial RTO expired) s
5 201 M
( \(after 1 second\). And the server's application potentially will have) s
5 190 M
( finally set the key via the socket-option.) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 6]) s
_R
S
%%Page: (7) 7
%%BeginPageSetup
_S
18 36 translate
/pagenum 7 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
(6. Security Considerations) s
5 641 M
( It is recommended that the applications do not pass the plain shared) s
5 630 M
( key to the MPTCP layer. They should rather pass a hash of their) s
5 619 M
( shared secret to the MPTCP layer. These security considerations will) s
5 608 M
( be discussed in documents that describe how applications such as TLS/) s
5 597 M
( SSL or SSH can interact efficiently with Multipath TCP.) s
5 564 M
(7. Informative References) s
5 542 M
( [I-D.bittau-tcp-crypt]) s
5 531 M
( Bittau, A., Boneh, D., Hamburg, M., Handley, M., Mazieres,) s
5 520 M
( D., and Q. Slack, "Cryptographic protection of TCP Streams) s
5 509 M
( \(tcpcrypt\)", draft-bittau-tcp-crypt-03 \(work in progress\),) s
5 498 M
( September 2012.) s
5 476 M
( [I-D.ietf-mptcp-api]) s
5 465 M
( Scharf, M. and A. Ford, "MPTCP Application Interface) s
5 454 M
( Considerations", draft-ietf-mptcp-api-05 \(work in) s
5 443 M
( progress\), April 2012.) s
5 421 M
( [I-D.ietf-mptcp-multiaddressed]) s
5 410 M
( Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,) s
5 399 M
( "TCP Extensions for Multipath Operation with Multiple) s
5 388 M
( Addresses", draft-ietf-mptcp-multiaddressed-10 \(work in) s
5 377 M
( progress\), October 2012.) s
5 355 M
( [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP) s
5 344 M
( Authentication Option", RFC 5925, June 2010.) s
5 322 M
( [RFC6181] Bagnulo, M., "Threat Analysis for TCP Extensions for) s
5 311 M
( Multipath Operation with Multiple Addresses", RFC 6181,) s
5 300 M
( March 2011.) s
5 267 M
(Authors' Addresses) s
5 245 M
( Christoph Paasch \(editor\)) s
5 234 M
( UCLouvain) s
5 223 M
( Place Sainte Barbe, 2) s
5 212 M
( Louvain-la-Neuve, 1348) s
5 201 M
( BE) s
5 179 M
( Email: christoph.paasch@uclouvain.be) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 7]) s
_R
S
%%Page: (8) 8
%%BeginPageSetup
_S
18 36 translate
/pagenum 8 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 696 M
(Internet-Draft MPTCP App Security October 2012) s
5 663 M
( Olivier Bonaventure) s
5 652 M
( UCLouvain) s
5 641 M
( Place Sainte Barbe, 2) s
5 630 M
( Louvain-la-Neuve, 1348) s
5 619 M
( BE) s
5 597 M
( Email: olivier.bonaventure@uclouvain.be) s
5 102 M
(Paasch & Bonaventure Expires April 18, 2013 [Page 8]) s
_R
S
%%Page: (9) 9
%%BeginPageSetup
_S
18 36 translate
/pagenum 9 def
/fname (draft-paasch-mptcp-ssl-00.txt) def
/fdir (.) def
/ftail (draft-paasch-mptcp-ssl-00.txt) def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
_R
S
%%Trailer
%%Pages: 9
%%DocumentNeededResources: font Courier-Bold Courier
%%EOF
| PAFTECH AB 2003-2026 | 2026-04-23 20:00:31 |