Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
Willy Tarreau <w@1wt.eu> Wed, 07 September 2011 07:29 UTC
On Wed, Sep 07, 2011 at 09:14:52AM +0200, Sylvain Hellegouarch wrote:
> Since the masking and unmasking are the same operations, I fail to
> understand the added complexity of server-to-client masking. Clients already
> know how to unmask since they can mask in the first place with the same
> operation.

Except they don't know the masking key. The purpose of masking is not to prevent a *client* from emitting the data it wants, but to prevent some *javascript code* running in a browser from doing so. The client is not the issue here, the issue is the fact that the attacker on the server side might easily make a client execute some controlled JS code. We want to ensure that someone who's present at both ends cannot easily control the byte stream sent by the client. And since the JS does not know the key, there's no easy way to perform the operation backwards first.

Regards,
Willy
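The point made in the message above, as an added example that is not part of the original e-mail or the draft: the XOR masking operation is symmetric, so a script can only pre-compute "backwards" if it knows the key before the frame is built. All function names and the sample bytes are constructed for illustration; `predictableClientSend` is a hypothetical broken client, not any real implementation.

```javascript
// Added illustration of WebSocket payload masking (not code from the thread).
const webcrypto = globalThis.crypto ?? require('crypto').webcrypto;

// Masking and unmasking are the same operation: XOR byte i with key[i % 4].
function applyMask(bytes, key) {
  return bytes.map((b, i) => b ^ key[i % 4]);
}

// Conforming client: picks a fresh, unpredictable 4-byte key per frame,
// only after the script has already handed over its payload.
function clientSend(payload) {
  const key = webcrypto.getRandomValues(new Uint8Array(4));
  return { key, wire: applyMask(payload, key) };
}

// Hypothetical broken client whose key is known to the script in advance.
function predictableClientSend(payload, knownKey) {
  return { key: knownKey, wire: applyMask(payload, knownKey) };
}

const same = (a, b) => a.length === b.length && a.every((x, i) => x === b[i]);

// Constructed sample: bytes a script would like to appear verbatim on the wire.
const wanted = new TextEncoder().encode('constructed-sample-bytes');
const guess = Uint8Array.of(1, 2, 3, 4);

// The receiver, who reads the key from the frame header, recovers the payload.
function receiverRoundTrips() {
  const { key, wire } = clientSend(wanted);
  return same(applyMask(wire, key), wanted);
}

// Known key: the script pre-masks its payload and the wire carries `wanted`.
function preMaskDefeatsKnownKey() {
  const crafted = applyMask(wanted, guess);
  return same(predictableClientSend(crafted, guess).wire, wanted);
}

// Random key: the wire equals `wanted` only if the script's guess happened
// to match the key the client chose afterwards.
function wireMatchesOnlyIfKeyGuessed() {
  const { key, wire } = clientSend(applyMask(wanted, guess));
  return same(wire, wanted) === same(key, guess);
}
```
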