RFC Errata
RFC 7430, "Analysis of Residual Threats and Possible Fixes for Multipath TCP (MPTCP)", July 2015
Source of RFC: mptcp (tsv)
See Also: RFC 7430 w/ inline errata
Errata ID: 4565
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Fabrizio Demaria
Date Reported: 2015-12-14
Verifier Name: Martin Stiemerling
Date Verified: 2016-01-12
Section 6 says:
Summary of the attack:
Type of attack: An attacker that can intercept the SYN/JOIN message can alter the source address being added.
Type of attacker: partial-time on-path eavesdropper
Description: The attacker is present along the path when the SYN/JOIN exchange takes place. This allows the attacker to add any new address it wants to by simply substituting the source address of the SYN/JOIN packet for one it chooses. This vulnerability was readily identified when designing the MPTCP security solution [RFC6181], and the threat was considered acceptable.
It should say:
Summary of the attack:
Type of attack: An attacker that can intercept the SYN/JOIN message can alter the source address being added.
Type of attacker: partial-time on-path active attacker
Description: The attacker is present along the path when the SYN/JOIN exchange takes place. This allows the attacker to add any new address it wants to by simply substituting the source address of the SYN/JOIN packet for one it chooses. This vulnerability was readily identified when designing the MPTCP security solution [RFC6181], and the threat was considered acceptable.
Notes:
As noted in section 1, an active attacker is able to change, discard, or delay some of the packets of the MPTCP session. This coincides with the description of the SYN/JOIN attack in section 6.