Re: Design Issue: Overlong Frames

James M Snell <jasnell@gmail.com> Fri, 10 May 2013 20:05 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A95C521F915B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 10 May 2013 13:05:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.407
X-Spam-Level:
X-Spam-Status: No, score=-10.407 tagged_above=-999 required=5 tests=[AWL=-0.109, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JiLkd1BS6B-d for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 10 May 2013 13:05:01 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 4E02721F9154 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 10 May 2013 13:05:01 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UatYQ-0004c8-99 for ietf-http-wg-dist@listhub.w3.org; Fri, 10 May 2013 20:04:34 +0000
Resent-Date: Fri, 10 May 2013 20:04:34 +0000
Resent-Message-Id: <E1UatYQ-0004c8-99@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jasnell@gmail.com>) id 1UatYF-0004ZP-Or for ietf-http-wg@listhub.w3.org; Fri, 10 May 2013 20:04:23 +0000
Received: from mail-oa0-f48.google.com ([209.85.219.48]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <jasnell@gmail.com>) id 1UatYD-00058N-9J for ietf-http-wg@w3.org; Fri, 10 May 2013 20:04:23 +0000
Received: by mail-oa0-f48.google.com with SMTP id i4so5419784oah.21 for <ietf-http-wg@w3.org>; Fri, 10 May 2013 13:03:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=6L8zo1BAlqP7jR1Wik2dnUou+Dk4dFanX8ehTdrIEB0=; b=qT1uMEE8/kXPkuyUAvc6S2c+6FgYWElifl//BDVikTQSjgLVJCKgkT75gO63NExxWG 0FRhgist/SspzmxRtgoMQJS34Z1oCPjbLrstlMrxUcY1NCWsmfDQCI8YGXVUh23wp5Jm 7RIX75WDI/pQtS74+9yCWBqxsdfMSVs2NY2EEOoqNhdzR6SNxDqhjfwutsazCpwRIpd/ BaTnJedTi3ML5JTXo2Y6gF266gWNAWNEIdQNq41d3+hPXf4imMjQOsabsS6W1JKaxY8h Ykm2/JLwI6jWiXk6HZqt7bUHmK5S7HpPNM2Rmj7hTsZL3r0UQrGgpe7X3DQJLIgkooat VubQ==
MIME-Version: 1.0
X-Received: by 10.60.16.69 with SMTP id e5mr7764785oed.46.1368216235477; Fri, 10 May 2013 13:03:55 -0700 (PDT)
Received: by 10.60.3.137 with HTTP; Fri, 10 May 2013 13:03:55 -0700 (PDT)
Received: by 10.60.3.137 with HTTP; Fri, 10 May 2013 13:03:55 -0700 (PDT)
In-Reply-To: <CAA4WUYi0dsLZ9vdTHmaZsteK=fcGTYdwO+tn6L7SM0qYQTX0Dg@mail.gmail.com>
References: <CABP7RbewOju850tE2GV2U4JZVawGTFGoWoYF7LaofGdKcXYqZg@mail.gmail.com> <CABkgnnXZY7aSRmVb-GsfDVpq3+cNXRh_MeUipWGVHUwQreUV6g@mail.gmail.com> <CABP7RbcUuYVG9v6aoC1m1qkHw6M2xb4eOzY32QgieKDznDZefg@mail.gmail.com> <CABkgnnX=bFRg39aK6Ba4XzcKEz84oyt7GL+US7zHw+wonQve6g@mail.gmail.com> <CABP7RbeciZeqz=YQKDSQ3gEe-UUXZn_YigdQiB7y5QTiPC2=_w@mail.gmail.com> <CAA4WUYi0dsLZ9vdTHmaZsteK=fcGTYdwO+tn6L7SM0qYQTX0Dg@mail.gmail.com>
Date: Fri, 10 May 2013 13:03:55 -0700
Message-ID: <CABP7Rbcximk=PS7Zxq+iRBbzDVuC87VwX1epn8qYd1E99Qx9hA@mail.gmail.com>
From: James M Snell <jasnell@gmail.com>
To: =?UTF-8?B?Q2hhbldpbGxpYW0o6ZmI5pm65piMKQ==?= <willchan@chromium.org>
Cc: ietf-http-wg@w3.org, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary=089e0149c674b1122604dc62aad6
Received-SPF: pass client-ip=209.85.219.48; envelope-from=jasnell@gmail.com; helo=mail-oa0-f48.google.com
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-2.638, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UatYD-00058N-9J de6eedb7904387d6f9777943ddd07fde
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Design Issue: Overlong Frames
Archived-At: <http://www.w3.org/mid/CABP7Rbcximk=PS7Zxq+iRBbzDVuC87VwX1epn8qYd1E99Qx9hA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17936
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

If that's a real possibility, then we can easily add an optional length
prefixed text field to the goaway frame definition.
On May 10, 2013 12:56 PM, "William Chan (陈智昌)" <willchan@chromium.org>
wrote:

> Non-theoretical reason for extending GOAWAY: adding debug strings
> explaining an error in more detail.
>
> No comment on extensibility mechanisms.
>
>
> On Fri, May 10, 2013 at 4:40 PM, James M Snell <jasnell@gmail.com> wrote:
>
>>
>> On May 10, 2013 12:00 PM, "Martin Thomson" <martin.thomson@gmail.com>
>> wrote:
>> >
>> > On 10 May 2013 11:29, James M Snell <jasnell@gmail.com> wrote:
>> > > On Fri, May 10, 2013 at 10:36 AM, Martin Thomson
>> > > <martin.thomson@gmail.com> wrote:
>> > >> On 9 May 2013 10:26, James M Snell <jasnell@gmail.com> wrote:
>> > >>> Recommendation: Adding a short statement that a PROTOCOL_ERROR MUST
>> be
>> > >>> returned if a frame contains more bytes than what is expressly
>> > >>> specified in the frame definition.
>> > >>
>> > >> That would prevent extension unnecessarily.  And it doesn't do
>> > >> anything to improve security.
>> > >
>> > > How does it prevent extension? If someone wants to extend an existing
>> > > frame to include new data, it can define a new frame type.
>> >
>> > I can't extend GOAWAY.  Who knows, maybe I might want to be more
>> > specific about the streams that will be processed prior to session
>> > end.
>> >
>>
>> If there are non-theoretical reasons for why one may wish to extend a
>> frame like goaway, then extensibility should be expressly included in the
>> design as part of the format.
>>
>> - James
>>
>> > >> When you want to harden security, you need to consider what
>> equivalent
>> > >> options are available to an attacker.  If I wanted to send you more
>> > >> data, then I will use DATA frames.  Unless you can find a way to
>> > >> curtail DATA I see no reason to clamp down here.
>> > >
>> > > In my experience, it's generally better to limit the exploitation
>> options ;-)
>> >
>> > It doesn't limit options in any meaningful way.  This would be
>> > analogous to double-deadlocking the front door while leaving the
>> > adjacent windows wide open.  I know that the extension argument isn't
>> > especially strong, for a range of reasons, but I see no point in
>> > over-engineering this aspect.
>>
>
>