> From: Patrick Frejborg <pfrejb...@gmail.com>
> it opens up a possibility to hijack sessions, if the control packets
> during the session transition are not protected
> ...
> But perhaps MPTCP can get around this problem in an easier way?
I dunno - I operate on the principle that anytime there's a binding that can
be changed dynamically, if changing the binding is not protected, then the
binding can be hijacked.
So if, e.g. all potential addresses are listed in the SYN packet, you'd be
safe, because that's not dynamic. It's just as secure as existing TCP, which
depends for security on addresses being 'secure' (i.e. a packet to X is
actually delivered to X) - and you know all the addresses are OK because that
came in the same packet that started the connection.
But if addresses can be added later, then the mechanism for doing so has to
be secured. (Although there are a number of ways to do that; but if there's
a MITM attacker 'simple' things like depending on sequence numbers might not
work.)
Noel
_______________________________________________
rrg mailing list
rrg@irtf.org
http://www.irtf.org/mailman/listinfo/rrg
