Re: [hybi] Handshake was: The WebSocket protocol issues.

Ian Hickson <ian@hixie.ch> Mon, 27 September 2010 04:48 UTC

On Sun, 26 Sep 2010, Maciej Stachowiak wrote:
> 
> As I have thought about these issues, I am increasingly convinced that 
> an NPN-style solution is much more robust. Attempting to make a TLS 
> connection to a vanilla HTTP server, or an HTTPS server that does not 
> understand NPN, will reject the connection at a very low level, greatly 
> limiting the potential for shenanigans. Browser clients in general do 
> not offer APIs that would allow a Web attacker any control of the 
> outgoing TLS handshake, and the TLS layer would fail a bad connection 
> before server software even had the opportunity to make a mistake. This 
> approach seems much more robust to me. Rather than just barely being 
> secure, it fails hard before the attacker can even do anything tricky. I 
> think it is much likely there would be future attacks. I hope the WG 
> strongly considers the NPN approach, despite the costs and challenges 
> imposed by using TLS.

I agree. There were two main advantages to the handshake I had specced: 
first, it would allow us to move fast and iterate, with browsers all being 
able to have WebSocket client support in the current cycle, and second, it 
would be easy to implement for amateur Web authors.

Since we have missed this implementation cycle, and since the framing of 
the protocol is going to support elaborate features such as fragmentation, 
multiple channels, and so forth, to the point where amateur deployments 
are essentially required to use a library and can't realistically be 
expected to write their own servers, I really see no reason at this point 
to not always require TLS and to use an NPN-style forced protocol switch.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
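
An added example, not part of the original message or of any hybi draft: it shows the fail-hard behaviour discussed in the thread by running a client TLS handshake in memory against the reply a plain HTTP server would give. Python's `ssl` module exposes ALPN, the standardized successor to NPN, so ALPN stands in for NPN here; the protocol name `websocket-example`, the host `example.invalid` and the server reply are constructed for illustration.

```python
import ssl

ALPN_NAME = "websocket-example"  # hypothetical protocol identifier
# Constructed reply from a plain HTTP server that received non-HTTP bytes.
VANILLA_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"


def client_hello():
    """Begin a client handshake over memory BIOs; return (tls, incoming, hello)."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols([ALPN_NAME])  # advertised inside the ClientHello
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, client now waits for the server
    return tls, incoming, outgoing.read()


def looks_like_http_request(data):
    """Rough check a plain HTTP server applies: 'METHOD target HTTP/x.y'."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[0].isalpha() and parts[2].startswith(b"HTTP/")


def handshake_against_plain_http():
    """Feed the HTTP reply to the TLS client and report how the handshake ends."""
    tls, incoming, hello = client_hello()
    incoming.write(VANILLA_HTTP_REPLY)
    incoming.write_eof()  # the HTTP server closes the connection
    try:
        tls.do_handshake()
        failed, error = False, None
    except ssl.SSLWantReadError:
        failed, error = False, None
    except ssl.SSLError as exc:  # raised by the TLS layer itself
        failed, error = True, type(exc).__name__
    return {
        "record_header": hello[:2],             # 0x16 handshake, 0x03 major version
        "hello_is_http": looks_like_http_request(hello),
        "alpn_in_hello": ALPN_NAME.encode() in hello,
        "failed_in_tls_layer": failed,
        "error": error,
        "negotiated": tls.selected_alpn_protocol(),
    }


if __name__ == "__main__":
    print(handshake_against_plain_http())
```

The handshake ends with an `ssl.SSLError` raised by the TLS library, before the client has any channel on which to send application data and without the HTTP server ever seeing a parseable request.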