Re: [hybi] A WebSocket handshake
Willy Tarreau <w@1wt.eu> Wed, 06 October 2010 14:36 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 489FA3A7090 for <hybi@core3.amsl.com>; Wed, 6 Oct 2010 07:36:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.809
X-Spam-Level:
X-Spam-Status: No, score=-2.809 tagged_above=-999 required=5 tests=[AWL=-0.766, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bx5Cv5awo9-l for <hybi@core3.amsl.com>; Wed, 6 Oct 2010 07:36:24 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 206CC3A706B for <hybi@ietf.org>; Wed, 6 Oct 2010 07:36:22 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o96EbH9f024530; Wed, 6 Oct 2010 16:37:17 +0200
Date: Wed, 06 Oct 2010 16:37:17 +0200
From: Willy Tarreau <w@1wt.eu>
To: Adam Barth <ietf@adambarth.com>
Message-ID: <20101006143717.GA24164@1wt.eu>
References: <AANLkTimQ5x-v+Mz_OHrNDdtVd94E+HOBWwo3_f1ktEeg@mail.gmail.com> <20101006053400.GC20095@1wt.eu> <AANLkTiknEw7SAQH_fbm-YkXvDpOQZavduM2D+JvpiGDf@mail.gmail.com> <20101006082037.GB22844@1wt.eu> <AANLkTimwhr4YbjChYC9Ki=zWqrx8fTQv0JaYkLRPkXQ+@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <AANLkTimwhr4YbjChYC9Ki=zWqrx8fTQv0JaYkLRPkXQ+@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] A WebSocket handshake
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2010 14:36:26 -0000
On Wed, Oct 06, 2010 at 07:24:18AM -0700, Adam Barth wrote: > On Wed, Oct 6, 2010 at 1:20 AM, Willy Tarreau <w@1wt.eu> wrote: > > On Tue, Oct 05, 2010 at 11:57:40PM -0700, Adam Barth wrote: > >> On Tue, Oct 5, 2010 at 10:34 PM, Willy Tarreau <w@1wt.eu> wrote: > >> > Adam, could you please recheck the importance for this handshake to > >> > have the invalid hostname ? It really is the only blocking issue I > >> > can think of. If it is absolutely needed, maybe we could use something > >> > like "<valid-hostname>.websocket.invalid" instead so that at least the > >> > server-side components can route the request to the proper location ? > >> > >> Using an invalid host name is important because we don't want the > >> attacker to be able to choose any of the bytes in the initial message. > > > > OK I understand your point, but this is no different from what the > > attacker can already do with plain HTTP. > > Please read the document. If that were true, we could just use the > initial POST strawman. Adam, please, I took 30 minutes this morning to read it carefully. All I saw against the POST was the risk of using it to post a second request after the first one, and I explained that that's precisely why the "Connection: close" statement must be used. > > >> Of course, virtual hosting is important. We'll probably want to > >> include the real Host header in the encrypted "additional information" > >> sent with the initial handshake message so that the WebSocket server > >> can dispatch the connection to the appropriate virtual host. > > > > Except that right now the virtual hosting it handled at the boundary > > and the websocket will be handled at the internals. That said, the > > host part of a URL must at least respect the limited charset of the > > DNS system. We don't have the %-encoding of the plain URLs. > > Please read the document. That's true and intentional. We want the > server to understand that it's talking WebSockets before it dispatches > the request to a particular virtual host. That prevents a single > virtual host from opting into a WebSocket connection on behalf of the > entire host. If the real host doesn't understand what's going on, it > could get confused and let the attacker do nasty things. I don't agree, at worst it would forward the request as-is, exactly as any intermediary will do, and it will either reach a real WS server or a normal HTTP server. And since your proposal protects against cross-protocol attacks, the attacker won't be able to do nasty things. Willy
- Re: [hybi] A WebSocket handshake Adam Barth
- [hybi] A WebSocket handshake Adam Barth
- Re: [hybi] A WebSocket handshake Adam Barth
- Re: [hybi] A WebSocket handshake Willy Tarreau
- Re: [hybi] A WebSocket handshake Eric Rescorla
- Re: [hybi] A WebSocket handshake Willy Tarreau
- Re: [hybi] A WebSocket handshake Adam Barth
- Re: [hybi] A WebSocket handshake Willy Tarreau
- Re: [hybi] A WebSocket handshake Adam Barth
- Re: [hybi] A WebSocket handshake Adam Barth
- Re: [hybi] A WebSocket handshake Willy Tarreau
- Re: [hybi] A WebSocket handshake Greg Wilkins
- Re: [hybi] A WebSocket handshake Greg Wilkins
- Re: [hybi] A WebSocket handshake Willy Tarreau
- Re: [hybi] A WebSocket handshake Greg Wilkins
- Re: [hybi] A WebSocket handshake Willy Tarreau
- Re: [hybi] A WebSocket handshake Adam Barth
- [hybi] Strawman (was: A WebSocket handshake) S Moonesamy
- Re: [hybi] A WebSocket handshake Maciej Stachowiak
- Re: [hybi] A WebSocket handshake Adam Barth
- Re: [hybi] A WebSocket handshake Maciej Stachowiak
- Re: [hybi] A WebSocket handshake Maciej Stachowiak
- Re: [hybi] A WebSocket handshake Adam Barth