> From: Patrick Frejborg <pfrejb...@gmail.com> > it opens up a possibility to hijack sessions, if the control packets > during the session transition are not protected > ... > But perhaps MPTCP can get around this problem in an easier way?
I dunno - I operate on the principle that anytime there's a binding that can be changed dynamically, if changing the binding is not protected, then the binding can be hijacked. So if, e.g. all potential addresses are listed in the SYN packet, you'd be safe, because that's not dynamic. It's just as secure as existing TCP, which depends for security on addresses being 'secure' (i.e. a packet to X is actually delivered to X) - and you know all the addresses are OK because that came in the same packet that started the connection. But if addresses can be added later, then the mechanism for doing so has to be secured. (Although there are a number of ways to do that; but if there's a MITM attacker 'simple' things like depending on sequence numbers might not work.) Noel _______________________________________________ rrg mailing list rrg@irtf.org http://www.irtf.org/mailman/listinfo/rrg