Re: [hybi] Why not just use ssh?

Willy Tarreau <w@1wt.eu> Wed, 01 September 2010 05:48 UTC

Date: Wed, 01 Sep 2010 07:49:06 +0200
From: Willy Tarreau <w@1wt.eu>
To: John Tamplin <jat@google.com>
Message-ID: <20100901054906.GB5888@1wt.eu>
User-Agent: Mutt/1.4.2.3i
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Why not just use ssh?

On Tue, Aug 31, 2010 at 08:40:45PM -0400, John Tamplin wrote:
> On Tue, Aug 31, 2010 at 8:26 PM, Adam Barth <ietf@adambarth.com> wrote:
> > Why?  There are a number of compelling technical reasons to prefer the
> > TLS-based handshake.  The counter arguments appear to be entirely
> > non-technical.
> 
> I don't know -- does changing the typical total frame header size
> after RoHC from 7 bytes to 22 count as a technical argument?  With a
> large number of frames likely being a few dozen bytes after
> compression, that seems significant.  The requirement for any
> implementation to include TLS libraries also seems to be a technical
> argument.

I'd like to add that the WG's goal is to achieve interoperability, and
that's not only based on technical arguments. With TLS, an administrator
can't analyze traffic. That's very important in schools for example, and
some large enterprises, where the policy is simple: either you can
analyze and filter, or you block. While I'm very favorable to a TLS
version, I'd really like to have an HTTP one too. For this reason, I
think we should ensure the handshake is simple enough to limit misuses,
and looks a lot like HTTP so that it does not create a new attack
vector. After all, the WS clients will be the browsers. They already
have access to the net (direct or via proxies), and what we should be
concerned about is that we can't do with WS what we can't already do
with HTTP.

So in my opinion, trying to stop protocol attacks before the handshake
is complete is a waste of time since the HTTP vector is still available;
however, we have to ensure we won't complete the handshake on a non-WS
server. For that use, I think that the nonce, whatever its form (possibly
a WS ping+pong), is very important.

Willy
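As an added illustration of the nonce check argued for above (example code, not part of the thread or of any hybi draft): a client that refuses to complete the handshake unless the server answers its random key with the derived accept value, which a plain HTTP server, an echoing proxy or a replayed response cannot do. It assumes the Sec-WebSocket-Key/Sec-WebSocket-Accept scheme that RFC 6455 later standardized as the form of the nonce; the server responses are constructed samples.

```python
import base64
import hashlib
import hmac
import os

# Fixed GUID from RFC 6455: a generic HTTP server or an echoing proxy does not
# know to append it, so it cannot produce a valid answer to our nonce.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

def make_key() -> str:
    """Fresh 16-byte random nonce, base64-encoded (Sec-WebSocket-Key)."""
    return base64.b64encode(os.urandom(16)).decode("ascii")

def expected_accept(key: str) -> str:
    """Value a real WebSocket server must return for the key we sent."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_response(raw: bytes) -> tuple[int, dict]:
    """Split an HTTP response head into status code and lower-cased headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def handshake_ok(key: str, raw_response: bytes) -> bool:
    """Client-side decision: complete the handshake only if the peer proved it speaks WS."""
    try:
        status, headers = parse_response(raw_response)
    except (ValueError, IndexError):
        return False  # not even an HTTP status line (e.g. an SSH banner)
    if status != 101 or headers.get("upgrade", "").lower() != "websocket":
        return False
    # Constant-time compare; the accept value is bound to our nonce, so an echo
    # of the key, a replayed answer or a canned 101 all fail here.
    return hmac.compare_digest(headers.get("sec-websocket-accept", ""),
                               expected_accept(key))

# Constructed sample responses (not from the thread); the key is RFC 6455's example key.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
GOOD = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n"
        b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
PLAIN_HTTP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>not ws</html>"
ECHOING = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
           b"Sec-WebSocket-Accept: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n")
```

Only `GOOD` passes; the same `GOOD` bytes replayed against a freshly generated key are rejected, which is the property that makes the nonce worth having.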