IETF Logo Mail Archive

Re: [Alldispatch] WebSocket Extension to disable masking

Eric Rescorla <ekr@rtfm.com> Sat, 16 March 2024 22:31 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: alldispatch@ietfa.amsl.com
Delivered-To: alldispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED3FEC14F694 for <alldispatch@ietfa.amsl.com>; Sat, 16 Mar 2024 15:31:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.903
X-Spam-Level:
X-Spam-Status: No, score=-6.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KLanCT0rs8SV for <alldispatch@ietfa.amsl.com>; Sat, 16 Mar 2024 15:31:08 -0700 (PDT)
Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com [IPv6:2607:f8b0:4864:20::b32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B53CFC14F691 for <alldispatch@ietf.org>; Sat, 16 Mar 2024 15:31:08 -0700 (PDT)
Received: by mail-yb1-xb32.google.com with SMTP id 3f1490d57ef6-dd045349d42so2921243276.2 for <alldispatch@ietf.org>; Sat, 16 Mar 2024 15:31:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1710628268; x=1711233068; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=DLtpocUFhEaJi230+3HFwza88r629pN/09CmKdSs07k=; b=US0RSOxuh2eUptzVMErC9Q9CFprIkfLFf8vniozipOmKimMtzVr9ZaiqRTIrNFqBP1 60DW3rDk0jGECcXTY8qO+GuV+6cxneiGmOBmVFN2q55KvNP5H3ADIkVY8DDOopqekHIW wFaz2Q0iP2wmxth2pnoSnpoc4i3VNlhYUKiELRS+Pg2ruuPrfE0wdSszoPTn0V6qjIaG Vd5qC1xjssc6GuJLBcBEX/6MFVFWRSN+5UN9cgpWCQ5lmMNeA/RRer5OsSJXserIsOr3 SsDCXM/1nG2ZnU9N0LNVPrK2daolzbl+VqZt05p1/0iyWRhYMP69i0ujAoO6mDLB/VtT W0YQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710628268; x=1711233068; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DLtpocUFhEaJi230+3HFwza88r629pN/09CmKdSs07k=; b=YL+60+ByYagAK5EOZzdEdHZUEyHih6Fkejli/gBP+/yJYtXhGRJ/7CXNRcjIJQ0kX5 UP6vahN5NOFN4ZqKHauqoyhAuWdNpzv+yDlv0kX7JvdyohwB+nWqn4YNb1/0f0qoowAz jrtjwq6NuTYsbSg0sCbBCbh3WAAr3p3I551y3o28CXODVQUUeyqkX1jcROAcnCYee86U DpOELK+jQKMTtLX0gcBJ6BjhU6nQsSvCj1V59rPYeP1gQ1RTkyq6KVH1L5kndYDbflwJ B5sRmHiBwPKFyHc75Lzs/V/fH9LJxNo8O1tNdyDtS2ZoCuoPhj8HhzWcBHm4Z77rV/l2 vXgA==
X-Gm-Message-State: AOJu0YwLsSm+AgfKs6q9xUBnajy3gVK54Q+jID8XtvUZznkcW+Y0VBWA 2ahkrAc2pbHxNM7JQMXGQFaoGqUQbhTODKMHnpeKr1RbT0PP3F9ONexAFJ5zf/sBnuB07HafdSB yT/LWM6O33XxhCvHEcoB7etgCk4a85Z7obOz0QGV2K6nP/+4r
X-Google-Smtp-Source: AGHT+IGcepSmsBc6IvTFoF6m9J1rIlkGPJ8Fj4ZHxH5J/guvEJQexoaBS6ZzXobgv1yvV2rnSiGDolGafKmJZb5Bmy4=
X-Received: by 2002:a5b:c0c:0:b0:dc6:4062:1341 with SMTP id f12-20020a5b0c0c000000b00dc640621341mr6971961ybq.16.1710628267563; Sat, 16 Mar 2024 15:31:07 -0700 (PDT)
MIME-Version: 1.0
References: <CAG0m4gRyaeo2CRHvJ=m4-Pi--1CxKCR9B2Bmqq5C2MFjCGn_WQ@mail.gmail.com> <CABcZeBOSj3MZZ80x-uU3bYChDBm=BM9iB6TeA3Dnts2Z2qX--Q@mail.gmail.com> <CAG0m4gSpNrMQsJGiJE0w5h0uzfC+tknMbA+X2nvok_7OPJujxw@mail.gmail.com> <CABcZeBN7ussLYuRxgLSAByZp-0CpXurwZMp+rhkSPOZx7in_Mg@mail.gmail.com> <CAG0m4gRdBvFBVHze2t8s=Yq8k1gsmVwR0iD4d3RVYkkKHVStQw@mail.gmail.com>
In-Reply-To: <CAG0m4gRdBvFBVHze2t8s=Yq8k1gsmVwR0iD4d3RVYkkKHVStQw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 16 Mar 2024 15:30:31 -0700
Message-ID: <CABcZeBMYo8-0hBzg=FS96CEDt8-bPayjmY7zPe5EcX6O3odFeQ@mail.gmail.com>
To: Dragana Damjanovic <dragana.damjano@gmail.com>
Cc: alldispatch@ietf.org
Content-Type: multipart/alternative; boundary="0000000000003b380d0613ceae5d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alldispatch/xOY8S68rFu18rmiDQEls1zqftkg>
Subject: Re: [Alldispatch] WebSocket Extension to disable masking
X-BeenThere: alldispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Alldispatch <alldispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alldispatch>, <mailto:alldispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alldispatch/>
List-Post: <mailto:alldispatch@ietf.org>
List-Help: <mailto:alldispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alldispatch>, <mailto:alldispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Mar 2024 22:31:13 -0000

On Fri, Mar 1, 2024 at 6:01 AM Dragana Damjanovic <dragana.damjano@gmail.com>
wrote:

>
>
>> I am aware that TLS encryption does not protect from the original attack.
>>>
>>
>> But then I don't understand what the point of requiring encryption in
>> order to enable this feature is, because the attack in question involves
>> priming the cache on one connection and then having it affect another
>> connection, and it's *that* connection which has to be unencrypted for the
>> attack to succeed. So, it's not clear to me what the restriction to
>> encrypted traffic does.
>>
>>
> The reason I am restricting this to TLS is that it is a bit harder to
> create the attack, not impossible. It also would mean that the vulnerable
> cashing proxies will interpret data coming on port 443 as plain text data
> and cache it. Then later the proxies would serve the data on port 80. I do
> not know how common that is, I would expect it is not very common, because
> I expect the caching would be limited to port 80.
>

I'm not sure that this has the impact you suggest, because the attacker
controls the port on which the data is sent, so they should be able to run
HTTPS on port 80, no?


About the benefits vs. complexity:
>>> The proposal uses an already existing mechanism for negotiating an
>>> extension, therefore adding this extension is fairly simple because the
>>> negotiation already exists. I do not have performance data and the masking
>>> operation, XOR, will not cause a lot of CPU usage, but it is still a
>>> unnecessary operation.
>>>
>>
>>  I agree that the negotiation is not very complicated, but what's even
>> less complicated is to do nothing, and given that you haven't shown any
>> significant cost to the existing design, this doesn't seem like much in the
>> way of motivation.
>>
>
> Even if CPU usage is not affected a lot, on servers that serve a large
> number of connections that will be multiplied by a lot.
>

It would be nice if you were able to quantify this as a fraction of the
cost of the connection as a whole. I suspect the number is extremely low,
given the cost of the cryptography itself.

-Ekr


>
> Dragana
>
>
>>
>> -Ekr
>>
>>
>> -Ekr
>>>>
>>>>
>>>> [0]
>>>> https://www.adambarth.com/papers/2011/huang-chen-barth-rescorla-jackson.pdf
>>>>
>>>> On Wed, Feb 28, 2024 at 4:37 AM Dragana Damjanovic <
>>>> dragana.damjano@gmail.com> wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>> I am looking for the right working group for my draft "WebSocket
>>>>> Extension to disable masking"
>>>>>
>>>>> https://datatracker.ietf.org/doc/draft-damjanovic-websockets-nomasking/
>>>>>
>>>>> There was some discussion about the previous version of the draft in
>>>>> the HTTPbis working group:
>>>>> https://lists.w3.org/Archives/Public/ietf-http-wg/2023AprJun/0135.htmlv
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Dragana
>>>>> --
>>>>> Alldispatch mailing list
>>>>> Alldispatch@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/alldispatch
>>>>>
>>>>

v2.23.0 | Report a Bug | By Email