IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

James Graham <jgraham@opera.com> Mon, 11 October 2010 16:10 UTC

Return-Path: <jgraham@opera.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AD6DB3A6B2F for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 09:10:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.481
X-Spam-Level:
X-Spam-Status: No, score=-6.481 tagged_above=-999 required=5 tests=[AWL=0.118, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42IqydEfcAen for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 09:10:37 -0700 (PDT)
Received: from smtp.opera.com (smtp.opera.com [213.236.208.81]) by core3.amsl.com (Postfix) with ESMTP id 0B7663A6B1C for <hybi@ietf.org>; Mon, 11 Oct 2010 09:10:33 -0700 (PDT)
Received: from [10.30.0.35] (sgw-oslo2.opera.com [213.236.208.46]) (authenticated bits=0) by smtp.opera.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o9BGBfeW022582 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 11 Oct 2010 16:11:42 GMT
Message-ID: <4CB3373C.5050507@opera.com>
Date: Mon, 11 Oct 2010 18:11:40 +0200
From: James Graham <jgraham@opera.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9pre) Gecko/20100217 Shredder/3.0.3pre
MIME-Version: 1.0
To: Greg Wilkins <gregw@webtide.com>
References: <4CAFA043.10101@caucho.com> <AANLkTi=eo-cjBz160FN0cn53v4-CpDSYaEneqkr_ZP7k@mail.gmail.com> <4CAFAC2B.5000800@caucho.com> <55bva61goeqtn0lifgjt5uihf50obh7kf4@hive.bjoern.hoehrmann.de> <4CAFB9C4.6030905@caucho.com> <AANLkTinv5Ym5jwUEqS76z3UkVa7GpmOBT_WXhBbFK0-m@mail.gmail.com> <20101009055723.GL4712@1wt.eu> <AANLkTimY2DjxgZybibSRtc7L34Wns2KhQC=Wa9K6PYku@mail.gmail.com> <20101009204009.GP4712@1wt.eu> <AANLkTi=Az0RmE1Uipo068zMh3YzgMpM2tQ+zYxaDT47A@mail.gmail.com> <20101011053354.GA12672@1wt.eu> <4CB2D7BD.1070004@opera.com> <9B9FA451-5551-4434-8EC1-BAC834FB9A61@apple.com> <AANLkTimDc_aqRTtgRpMKhdhk6x+vPGyOPvU3A=6mK9S7@mail.gmail.com>
In-Reply-To: <AANLkTimDc_aqRTtgRpMKhdhk6x+vPGyOPvU3A=6mK9S7@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.64 on 213.236.208.81
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2010 16:10:56 -0000

On 10/11/2010 02:28 PM, Greg Wilkins wrote:
>
>
> On 11 October 2010 20:34, Maciej Stachowiak <mjs@apple.com
> <mailto:mjs@apple.com>> wrote:
>
>     On Oct 11, 2010, at 2:24 AM, James Graham wrote:
>      > I'm not sure I follow this objection. Unless I am
>     misunderstanding Adam's proposal, all the information needed to
>     access the Host header is in the initial client request; the only
>     additional effort needed is to use the client-sent key to decrypt
>     the headers. According to this understanding, one doesn't have to
>     maintain state across requests just to determine if one will handle
>     the request and, if so, with which back end server.
>
>     I agree with this understanding. With Adam's elaborations (not fully
>     detailed in the original proposal), all the routing information is
>     available in the initial client handshake request.
>
>      > Is it just the decryption that you believe represents an
>     unmanagable burden?
>
>     In the unlikely case that the encryption is an unreasonable burden,
>     I think it's possible to use a trivial form of encryption (XOR with
>     one-time pad) instead of AES-128-CTR. But I think it's probably both
>     safer and typically easier to use a well-known cipher.
>
>
>
> I think there are things that we can do to restrict "attacker" content
> in the handshake short of encryption.

So there is an underlying issue here that I don't understand. It seems 
clear to me that Adam and Eric's proposed handshake has a better 
security story with regard to cross-protocol attacks than -75, -76, or 
any other proposal other than using NPN with TLS. However there seem to 
be a number of people who have problems with this proposed handshake to 
the extent that they are prepared to forgo the security properties in 
order to get something different. In general people seem to be aware 
that they are making the security weaker since the arguments are mostly 
about how different approaches will probably be good enough in practice 
even though they are theoretically inferior.

What I haven't followed is what the problems with the proposal actually 
are. I understand that I have likely missed these in other messages, but 
it would be helpful if people who believe that the proposed approach, or 
aspects of it, are unworkable could summarise the outstanding issues 
they see.

v2.23.0 | Report a Bug | By Email