Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
Gabriel Montenegro <Gabriel.Montenegro@microsoft.com> Thu, 08 September 2011 21:32 UTC
Return-Path: <Gabriel.Montenegro@microsoft.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFEF721F8B3F for <hybi@ietfa.amsl.com>; Thu, 8 Sep 2011 14:32:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cuJo-IikdYRz for <hybi@ietfa.amsl.com>; Thu, 8 Sep 2011 14:32:05 -0700 (PDT)
Received: from smtp.microsoft.com (mailc.microsoft.com [131.107.115.214]) by ietfa.amsl.com (Postfix) with ESMTP id 52B0021F8B3A for <hybi@ietf.org>; Thu, 8 Sep 2011 14:32:05 -0700 (PDT)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 8 Sep 2011 14:33:58 -0700
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) with Microsoft SMTP Server (TLS) id 14.1.339.2; Thu, 8 Sep 2011 14:33:57 -0700
Received: from TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com ([169.254.4.161]) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.68]) with mapi id 14.01.0339.002; Thu, 8 Sep 2011 14:33:43 -0700
From: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
To: Willy Tarreau <w@1wt.eu>
Thread-Topic: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
Thread-Index: AQHMaA3rPzNumjQvEUO738RtlvbYEpU4lWeAgAlVZgCAAJXowIAB/bgA//+MdQA=
Date: Thu, 08 Sep 2011 21:33:43 +0000
Message-ID: <CA566BAEAD6B3F4E8B5C5C4F61710C11448BE3BB@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
References: <20110831184207.1514.64093.idtracker@ietfa.amsl.com> <0fc901cc6878$1681eec0$0a00a8c0@Venus> <CAH9hSJb2rH+fX0AnekYxsEkHKzb15aHrg_hDQw1baWLiWBF-3w@mail.gmail.com> <CA566BAEAD6B3F4E8B5C5C4F61710C11448BCD04@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <20110908211638.GD27297@1wt.eu>
In-Reply-To: <20110908211638.GD27297@1wt.eu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.29]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2011 21:32:06 -0000
Salut Willy, > On Wed, Sep 07, 2011 at 09:59:55PM +0000, Gabriel Montenegro wrote: > > [chair hat off] > > > > Notice also that one of the objections against masking was that it would > complicate sendfile() scenarios. Since these are expected to be more common > from server to the client, not masking in this direction was one of the selling > points of the final solution adopted. > > > > Since there are desirable benefits to not masking form server to client, and no > real scenarios have been identified to do so in that direction, personally, I prefer > to simplify: I like Takeshi-san's previous proposal, namely: > > > > " > > OLD: All frames sent from the server to the client are not masked. > > NEW: All frames sent from the server to the client MUST NOT be masked. > > > > Let's also change > > OLD: All frames sent from the client to the server are masked to avoid ... > > NEW: All frames sent from the client to the server MUST be masked to avoid > ... > > " > > As I indicated in another mail a few days ago, using this passive form always > causes trouble : when you receive something which is not supposed to be > possible, what should you do ? And if you're already able to process it anyway, > should you do it ? The WG already decided to be very strict about this: http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-14#section-10.7 If you find a protocol violation, there's no point in continuing with that peer. Less variability leads to less attack vectors, but also less code to test and maintain. This is why I still think Takeshi-san's proposal above is the best outcome. > > I'd rather suggest something like this : > > - clients are not required to accept masked frames, so the server MUST NOT > send masked frames. Whether clients accept or not masked frames has no > importance. > > - In order to ensure intermediary protection, clients MUST mask outgoing > frames, and servers MUST NOT accept unmasked frames. > > However, it would be nice if we insist that those requirements are made for the > public internet and are not a structural protocol requirement, so they MAY be > adapted in very specific environments if there is any benefit from doing so.
- Re: [hybi] what's next Peter Saint-Andre
- [hybi] I-D Action: draft-ietf-hybi-thewebsocketpr… internet-drafts
- [hybi] what's next Peter Saint-Andre
- Re: [hybi] what's next Julian Reschke
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] what's next Iñaki Baz Castillo
- Re: [hybi] what's next Alexey Melnikov
- Re: [hybi] what's next Iñaki Baz Castillo
- Re: [hybi] what's next Alexey Melnikov
- Re: [hybi] what's next Iñaki Baz Castillo
- Re: [hybi] what's next Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Joel Martin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Alexey Melnikov
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Joel Martin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Joel Martin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… SM
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… SM
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Greg Wilkins
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Martin J. Dürst
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Bruce Atherton