Re: [hybi] Insight you need to know: Browsers are at fault when servers crash

"Shelby Moore" <shelby@coolpage.com> Thu, 19 August 2010 08:56 UTC

Return-Path: <shelby@coolpage.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F3C6F3A6819 for <hybi@core3.amsl.com>; Thu, 19 Aug 2010 01:56:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[AWL=0.679, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jc98pmOVssMU for <hybi@core3.amsl.com>; Thu, 19 Aug 2010 01:56:27 -0700 (PDT)
Received: from www5.webmail.pair.com (www5.webmail.pair.com [66.39.3.83]) by core3.amsl.com (Postfix) with SMTP id B9A593A6908 for <hybi@ietf.org>; Thu, 19 Aug 2010 01:56:27 -0700 (PDT)
Received: (qmail 19800 invoked by uid 65534); 19 Aug 2010 08:57:02 -0000
Received: from 121.97.54.174 ([121.97.54.174]) (SquirrelMail authenticated user shelby@coolpage.com) by sm.webmail.pair.com with HTTP; Thu, 19 Aug 2010 04:57:02 -0400
Message-ID: <222166407cb475129e3c63c069ba47a8.squirrel@sm.webmail.pair.com>
Date: Thu, 19 Aug 2010 04:57:02 -0400
From: Shelby Moore <shelby@coolpage.com>
To: shelby@coolpage.com
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: hybi@ietf.org
Subject: Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: shelby@coolpage.com
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Aug 2010 08:56:29 -0000

> Well one optimization is why are allowing these WebSockets to connect to
> ports that are assigned to other legacy protocols by the IANA?  What
> benefit does that give WebSockets?  Seems an optimization would be to
> not do that.


http://www6.ietf.org/mail-archive/web/hybi/current/msg03355.html

"and TCP ports are not in fact protocol identifiers, despite some
traditions that conflate the two concepts"


> The server must anticipate the entire state-machine of its inputs.  The
> only way the browser can give the server bugs is when the server is not
> prepared for every possibility in its state-machine. The big caveat is
> that due to being a Turing machine means we will never be prepared for
> every possibility.


Yes browsers can be at fault when servers fail, even with the perfect
implementation server-side.  Example follows.

Filed a proposal:

https://bugzilla.mozilla.org/show_bug.cgi?id=588704

Referenced Adam's research paper on CSRF.

The above is much more coherently written, and removes my erroneous
attacks on Adam's research. Turing machine complete, Liskov Substition
Principle, Coase's Theorem, Linksky Substitution Principle, and Godel's
Theorem insure that we can't have absolute certainty that we can isolate
all attack vectors at the server.[1]

However, we can access probabilities, and thus prioritize where we apply
security so as to reduce conflation errors that accumulate as brittle
complexity inertia. I still assert that I believe the priority should be
that protocols should be responsible for their user authorization, not
conflating the intermediary software (e.g. browser) that sits between the
(potentially malicious) user and the poorly designed (incorrect or no
authorization) protocol. Conflating responsibility leads to that brittle
complexity inertia, that ultimately dead ends in total disconnection
(whitelist) from the network. Conflation is an evil (failure directed)
result of being surety for another entity. If I make a promise for
another, I have bound the other and so on in domino effect towards
eventual gridlock.


I am still unsubscribed from this list, but I thought it was helpful to
post these clarifications.

[1] http://www.ietf.org/mail-archive/web/hybi/current/msg03233.html
(contains my one line layman's summaries of each of those fundamental
theorems)