Re: [hybi] Handshake was: The WebSocket protocol issues.

[Greg Wilkins <gregw@webtide.com>]

On 28 September 2010 09:26, Scott Ferguson <ferg@caucho.com> wrote:
> Greg Wilkins wrote:
>>
>> Scott,
>>
>> yes - I glossed over the details of what the actual hash should be in
>> the ping packet.  I believe H(c-nonce, "WebSocket") is a good hash
>> that indicates the server is a WS.
>
> That's not quite the issue. It's the second hash in the PONG that's missing,
> because we also need to verify the client as a WS client and not a hijacked
> HTTP client (or hijacked future non-websocket client):

OK, I've got it.

For your proposal of a server nonce, then a HELLO op-code is more
appropriate than ping/pong as the pong should normally contain the
same content as the ping.

So my proposal was:

HTTP(upgrade,nonce)   -->
<-- HTTP(101)
<-- WS(ping,hash(nonce,"WebSocket"))
[ <-- * WS(op, data)  ]
--> WS(pong,hash(nonce,"WebSocket"))   ; client calls onOpen
[ * WS(op, data) -->  ]


Your amendment is

HTTP(upgrade,c-nonce)   -->
<-- HTTP(101)
<-- WS(hello,hash(c-nonce,"WebSocket"),s-nonce)
[ <-- * WS(op, data)  ]
--> WS(hello,hash(s-nonce,"WebSocket"))   ; client call onOpen
[ * WS(op, data) -->  ]


I'm not 100% convinced that the server nonce is really necessary, as
the client has already been validated by sending Sec-Headers and the
upgrade in the first place, and the contents of the ping message must
be copied into a pong message (and is not predictable if the nonce is
hidden from the client).

But if we want defence in depth, then the second hash of a s-nonce is
an good way to achieve this.

cheers