Re: [hybi] Experiment comparing Upgrade and CONNECT handshakes

Adam Barth <ietf@adambarth.com> Mon, 29 November 2010 17:31 UTC

On Sat, Nov 27, 2010 at 10:00 PM, Scott Ferguson <ferg@caucho.com> wrote:
> Ian Fette (イアンフェッティ) wrote:
>>
>> On Sat, Nov 27, 2010 at 8:24 AM, Adam Barth <ietf@adambarth.com> wrote:
>>
>>    On Sat, Nov 27, 2010 at 8:16 AM, Willy Tarreau <w@1wt.eu> wrote:
>>    > On Sat, Nov 27, 2010 at 07:51:17AM -0800, Eric Rescorla wrote:
>>    >> What's the argument *for* having an insecure handshake?
>>    >
>>    > There's no argument *for* having an insecure handshake, there are
>>    > arguments for having a safe HTTP-compliant handshake.
>>
>>    The handshake we're proposing is both safe and HTTP compliant.
>>
>>    Kind regards,
>>    Adam
>>
>>
>> I really appreciate all the work you and others have done with this paper.
>> I have a few questions I'd like to ask if you wouldn't mind.
>>
>> #1, if we changed the non-bogus Host header to be the real host, do you
>> believe that would have any substantial negative impact?
>> #2 Is there anything else that is in the handshake proposal that is
>> perhaps HTTP compliant by the letter but not the spirit? (Other than CONNECT
>> vs UPGRADE -- I think you've made that case.)
>>
>> I personally don't care strongly enough about the above to call them a
>> requirement, but a number of people on this list have raised the HTTP compat
>> issue so I would like to better understand what that would imply with the
>> proposal this paper suggests the group move forward with.
>
> The change of the CONNECT URI to the known host "websocket.invalid" makes a
> difference, because a server can dispatch the known "websocket.invalid" host
> to a websocket handler. (The earlier scrambling of the URI was unworkable.)

This change is already incorporated in the current version of
draft-abarth-websocket-handshake.

> In other words, there's a difference between a well-known
> "websocket.invalid" host and a bogus host. A truly bogus host would be a
> problem (and wouldn't be HTTP in any meaningful way).
>
> That's from the end-server perspective. I don't know about proxies, although
> I'd think a websocket-aware proxy could unpack the embedded URL and forward
> based on it.

Great.  I'm glad it works for you.

Adam
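
The end-server dispatch discussed in this message, as an added example that is not part of the original mail or of draft-abarth-websocket-handshake: a CONNECT whose target host is exactly the well-known "websocket.invalid" goes to the WebSocket handler, and any other CONNECT target is refused so the origin server never acts as a tunnel. The port in the sample targets and the handler labels are assumptions made for illustration.

```python
# Added illustration; handler labels and sample ports are assumptions.
WELL_KNOWN_HOST = "websocket.invalid"  # host named in the thread


def parse_request_line(line):
    """Split 'METHOD target HTTP/x.y' into (method, target), or None."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return parts[0], parts[1]


def authority_host(target):
    """Return the lowercased host of an authority-form target (host:port)."""
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    # Host names are case-insensitive; a trailing dot names the same host.
    return host.lower().rstrip(".")


def dispatch(request_line):
    """Choose a handler label for one HTTP request line."""
    parsed = parse_request_line(request_line)
    if parsed is None:
        return "bad-request"
    method, target = parsed
    if method != "CONNECT":
        return "http-handler"
    # Exact match only: a suffix or substring test would also accept
    # look-alike hosts such as websocket.invalid.example.
    if authority_host(target) == WELL_KNOWN_HOST:
        return "websocket-handler"
    return "reject-connect"


if __name__ == "__main__":
    # Constructed request lines, not captured traffic.
    for sample in (
        "CONNECT websocket.invalid:443 HTTP/1.1",
        "CONNECT websocket.invalid.example:443 HTTP/1.1",
        "GET /index.html HTTP/1.1",
    ):
        print(sample, "->", dispatch(sample))
```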