Re: [hybi] -09: security considerations
Greg Wilkins <gregw@intalio.com> Mon, 20 June 2011 06:42 UTC
Return-Path: <gregw@intalio.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86F9C21F8574 for <hybi@ietfa.amsl.com>; Sun, 19 Jun 2011 23:42:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.792
X-Spam-Level:
X-Spam-Status: No, score=-2.792 tagged_above=-999 required=5 tests=[AWL=0.185, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EExJy2GwfoeE for <hybi@ietfa.amsl.com>; Sun, 19 Jun 2011 23:42:46 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 75A1821F8575 for <hybi@ietf.org>; Sun, 19 Jun 2011 23:42:46 -0700 (PDT)
Received: by vxi40 with SMTP id 40so555963vxi.31 for <hybi@ietf.org>; Sun, 19 Jun 2011 23:42:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.180.198 with SMTP id dq6mr1857943vdc.158.1308552165848; Sun, 19 Jun 2011 23:42:45 -0700 (PDT)
Received: by 10.52.108.9 with HTTP; Sun, 19 Jun 2011 23:42:45 -0700 (PDT)
In-Reply-To: <BANLkTim+YUp20v9-8uQVoCV9--gMA4wqLA@mail.gmail.com>
References: <4DFB8571.4090802@stpeter.im> <BANLkTinuHWwwbXs8b+K9=vN+M=2ZDyy0CQ@mail.gmail.com> <BANLkTim+YUp20v9-8uQVoCV9--gMA4wqLA@mail.gmail.com>
Date: Mon, 20 Jun 2011 16:42:45 +1000
Message-ID: <BANLkTinE7VZTZDyyMfw3CZSMevHw-GqTWw@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Adam Barth <ietf@adambarth.com>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] -09: security considerations
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2011 06:42:47 -0000
Also HTTP has BASIC and DIGEST authentication, while WS does not (although it could very easily support these). cheers 2011/6/18 Adam Barth <ietf@adambarth.com>: > There's somewhat more to it than that, right? For example, HTTP > doesn't use the origin security model, whereas WebSockets does. Also, > HTTP punts on cross-protocol security issues, whereas WebSockets does > not. Finally, HTTP has the benefit of being invented prior to the > deployment of much of today's network infrastructure. That means the > network infrastructure needs to work around HTTP whereas WebSockets > needs to work around the network infrastructure. > > Adam > > > 2011/6/17 Ian Fette (イアンフェッティ) <ifette@google.com>: >> I would hope that the discussions don't need to be so long. The security >> model is based on that of HTTP. Whatever HTTP gives you WS gives you, >> whatever HTTPS gives you WSS gives you. WS is at its core a less hacky more >> performant version of what people are already doing today in javascript, >> it's not some totally new concept. >> -Ian >> >> On Fri, Jun 17, 2011 at 9:48 AM, Peter Saint-Andre <stpeter@stpeter.im> >> wrote: >>> >>> First, I am not a member of the security mafia. >>> >>> However, the security considerations section seems incomplete to me. I >>> suggest that the author and WG spend some quality time with RFC 3552 >>> (and with other RFCs that have good discussions of security) to make >>> this section more robust and complete. >>> >>> Questions to ask and answer include (but are not limited to): >>> >>> 1. What is the threat model against the architecture assumed in this >>> document? (And to answer that question, it would help to more clearly >>> explain the architecture.) >>> >>> 2. How will the protocol address confidentiality? >>> >>> 3. How will the protocol address data integrity? >>> >>> 4. How will the protocol address peer entity authentication? >>> >>> 5. How does the protocol ensure strong security (RFC 3365)? >>> >>> 6. If certificates are to be used, how are they handled (RFC 6125 and >>> RFC 2818)? >>> >>> 7. What are the mandatory-to-implement TLS ciphersuites? >>> >>> 8. What are the security considerations related to technologies that are >>> reused in WebSocket (e.g., Base 64 and UTF-8)? >>> >>> 9. What information leaks are possible? >>> >>> 10. What denial of service attacks (RFC 4732) are possible and what >>> measures can be taken to prevent those attacks? >>> >>> 11. What is the relationship, if any, between the security of the >>> WebSocket protocol and the security of HTTP? In what ways does this >>> protocol build on HTTP from a security perspective, and in what ways >>> does it need additional security mechanisms? >>> >>> I'm sure the reviewer from the IETF Security Directorate will come up >>> with more questions than that, so we need to be prepared. >>> >>> A personal note: in revising RFC 3920 to produce RFC 6120, I put a great >>> deal of thought and time into writing the security considerations >>> section, which ended up being 20 pages long. That might be longer than >>> necessary here, but I think 2 pages is a bit shy of what we need. >>> >>> Peter >>> >>> -- >>> Peter Saint-Andre >>> https://stpeter.im/ >>> >>> >>> >>> >>> _______________________________________________ >>> hybi mailing list >>> hybi@ietf.org >>> https://www.ietf.org/mailman/listinfo/hybi >>> >> >> >> _______________________________________________ >> hybi mailing list >> hybi@ietf.org >> https://www.ietf.org/mailman/listinfo/hybi >> >> > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- [hybi] -09: security considerations Peter Saint-Andre
- Re: [hybi] -09: security considerations Ian Fette (イアンフェッティ)
- Re: [hybi] -09: security considerations Adam Barth
- Re: [hybi] -09: security considerations Greg Wilkins
- Re: [hybi] -09: security considerations Diogo Pereira
- Re: [hybi] -09: security considerations Iñaki Baz Castillo