[hybi] regarding draft-montenegro-hybi-upgrade-hello-handshake-00

"Thomson, Martin" <Martin.Thomson@andrew.com> Thu, 16 December 2010 01:23 UTC

From: "Thomson, Martin" <Martin.Thomson@andrew.com>
To: "gregw@webtide.com" <gregw@webtide.com>, "gmonte@microsoft.com" <gmonte@microsoft.com>
Date: Thu, 16 Dec 2010 09:24:58 +0800
Message-ID: <8B0A9FCBB9832F43971E38010638454F03F34FB023@SISPE7MB1.commscope.com>
Cc: Hybi <hybi@ietf.org>
Subject: [hybi] regarding draft-montenegro-hybi-upgrade-hello-handshake-00

I like this.  I can't speak with authority about its ability to deal with the full spectrum of attacks we've seen, but it certainly looks like it covers the most obvious and worst.

If this works, then rather than aiming this squarely at websockets, it might even make sense to have this describe how to upgrade HTTP in general, with websockets as the canonical example.

Regarding the handshake, I'd like to see the server echo the client nonce.  That reduces the amount of state that a client might have to maintain.  Not a big deal for a browser, but it would be a nicety for intermediaries.
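The nonce-echo idea from the message above, worked through as an added example. This is not code from the draft or from anyone on the thread; the header names, the Upgrade token, the way the intermediary derives its nonce from a secret, and the message layout are all assumptions made for illustration. The example shows the two consumers the message distinguishes: a browser-style client that remembers the nonce it sent and compares it with the echo, and an intermediary that keeps no per-connection state at all because it derives the nonce from a secret and a connection identifier and verifies the echo by recomputation.

```python
"""Toy Upgrade handshake with a server-echoed client nonce (added example).

Everything here is constructed for illustration: the X-Example-* header
names, the "example-proto" Upgrade token and the HMAC-derived intermediary
nonce are assumptions, not anything specified by the draft.
"""
import base64
import hashlib
import hmac

NONCE_HEADER = "X-Example-Nonce"        # assumed header name
ECHO_HEADER = "X-Example-Nonce-Echo"    # assumed header name
UPGRADE_TOKEN = "example-proto"         # assumed Upgrade token


def parse_headers(msg: str) -> dict:
    """Parse a minimal HTTP/1.1 head into {lowercased name: value}."""
    head, _, _body = msg.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip request/status line
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers


def client_request(nonce: bytes) -> str:
    """Build the Upgrade request carrying a base64 nonce."""
    return ("GET /chat HTTP/1.1\r\n"
            "Host: example.com\r\n"
            f"Upgrade: {UPGRADE_TOKEN}\r\n"
            "Connection: Upgrade\r\n"
            f"{NONCE_HEADER}: {base64.b64encode(nonce).decode()}\r\n"
            "\r\n")


def server_response(request: str) -> str:
    """Echo the client's nonce unchanged; the server needs no secret and
    no knowledge of how the nonce was produced."""
    h = parse_headers(request)
    if h.get("upgrade") != UPGRADE_TOKEN or NONCE_HEADER.lower() not in h:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\n"
            f"Upgrade: {UPGRADE_TOKEN}\r\n"
            "Connection: Upgrade\r\n"
            f"{ECHO_HEADER}: {h[NONCE_HEADER.lower()]}\r\n"
            "\r\n")


def client_accepts(response: str, expected_nonce: bytes) -> bool:
    """Browser-style check: the client remembered its nonce and compares
    the echo with it (constant-time), rejecting anything that is not 101."""
    if not response.startswith("HTTP/1.1 101 "):
        return False
    echoed = parse_headers(response).get(ECHO_HEADER.lower(), "")
    try:
        echoed_bytes = base64.b64decode(echoed, validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(echoed_bytes, expected_nonce)


def proxy_make_nonce(secret: bytes, conn_id: bytes) -> bytes:
    """Stateless intermediary (assumed design): derive the nonce from a
    secret and a per-connection identifier instead of storing it."""
    return hmac.new(secret, b"upgrade-nonce|" + conn_id, hashlib.sha256).digest()[:16]


def proxy_accepts(response: str, secret: bytes, conn_id: bytes) -> bool:
    """Verify the echo by recomputing the nonce; no per-connection table."""
    return client_accepts(response, proxy_make_nonce(secret, conn_id))


if __name__ == "__main__":
    nonce = bytes(range(16))                      # constructed fixed nonce
    resp = server_response(client_request(nonce))
    print(resp)
    print("client accepts:", client_accepts(resp, nonce))
    secret, cid = b"proxy-secret", b"conn-1"      # constructed values
    resp2 = server_response(client_request(proxy_make_nonce(secret, cid)))
    print("proxy accepts own connection:", proxy_accepts(resp2, secret, cid))
    print("proxy accepts replayed response:", proxy_accepts(resp2, secret, b"conn-2"))
```

Because the server only echoes, a response replayed from a different connection, or one whose echo was altered in transit, fails the comparison on either consumer; the intermediary gets that check without a lookup table, which is the state saving the message points at.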