Re: [hybi] Handshake was: The WebSocket protocol issues.

Willy Tarreau <w@1wt.eu> Fri, 24 September 2010 18:09 UTC

On Fri, Sep 24, 2010 at 08:21:23PM +0300, Alexander Voronin wrote:
> Here we're talking not about handshake but about cross-protocol attacks. So
> websockets as two-stage process is invulnerable to this attack. If browser
> creates and opens websocket then we're sure that data will be sent into HTTP
> stream. If handshake fails no data will be sent.

We all agree with that and I explained to you that this model requires two
round trips, which means a connection takes twice the time to set up. Hence
the difficulty to be able to design a one-round-trip handshake which does
not open cross-protocol attack holes.

> In reference to handshake - as noticed sending data in GET request is a bad
> idea.

That was my first reaction too, until I realized that the Upgrade mechanism
is already well defined and independent of the method. We're not sending data
in a GET request, we're sending data after a confirmed Upgrade response which
was induced by a GET+Upgrade request. And precisely the problem that appeared
in draft 76 is that when you add an intermediary, the data aren't forwarded
to the server because they're not part of the request.

> And I still believe that old style handshake will work for any kind of
> proxy chains using just HTTP result codes.

Yes, but the important part is not that the handshake works, but that the
bidirectional data exchange after the handshake works. The handshake is
there to set that up and quickly detect possible failures.

Willy
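
The draft 76 intermediary problem described in this message, as an added example that is not part of the original e-mail: a sketch of how an HTTP/1.1 intermediary frames a GET+Upgrade request, showing that the 8 bytes a draft 76 client sends after the header block fall outside the request. The sample handshake values and the hold-until-101 forwarding policy are assumptions made for the illustration.

```python
CRLF = b"\r\n"

# Constructed sample: draft-76 style client handshake. The header block is
# followed by 8 raw bytes that no Content-Length header accounts for.
KEY3 = b"8bytes!!"
SAMPLE = (
    b"GET /demo HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Connection: Upgrade\r\n"
    b"Upgrade: WebSocket\r\n"
    b"Sec-WebSocket-Key1: 1 2 3 4 a\r\n"   # constructed value
    b"Sec-WebSocket-Key2: 5 6 7 8 b\r\n"   # constructed value
    b"Origin: http://example.com\r\n"
    b"\r\n"
) + KEY3


def frame_request(stream: bytes):
    """Split a client byte stream into (head, body, leftover) the way a
    message-oriented HTTP/1.1 intermediary delimits one request."""
    head, sep, rest = stream.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete header block")
    headers = {}
    for line in head.split(CRLF)[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"transfer-encoding" in headers:
        raise ValueError("chunked bodies are out of scope for this sketch")
    # No Content-Length means the request has no body at all.
    length = int(headers.get(b"content-length", b"0").decode())
    return head + sep, rest[:length], rest[length:]


def intermediary_forward(stream: bytes, upgrade_confirmed: bool) -> bytes:
    """Bytes passed upstream. Assumed policy: anything past the request is
    tunnelled only after the server's 101 response has been seen."""
    head, body, leftover = frame_request(stream)
    forwarded = head + body
    if upgrade_confirmed:
        forwarded += leftover
    return forwarded


def server_has_key3(forwarded: bytes) -> bool:
    """True if the upstream server received the 8 bytes after the headers."""
    _, _, leftover = frame_request(forwarded)
    return len(leftover) >= 8
```

In draft 76 the server's 101 response is computed from those 8 bytes, so with this forwarding policy the server waits for bytes the intermediary is holding until it sees the response.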