Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
Adam Barth <ietf@adambarth.com> Mon, 26 July 2010 07:39 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2C9563A69D2 for <hybi@core3.amsl.com>; Mon, 26 Jul 2010 00:39:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.66
X-Spam-Level:
X-Spam-Status: No, score=-1.66 tagged_above=-999 required=5 tests=[AWL=0.317, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1JD0CpGBXW3n for <hybi@core3.amsl.com>; Mon, 26 Jul 2010 00:39:23 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 2B7063A687D for <hybi@ietf.org>; Mon, 26 Jul 2010 00:39:23 -0700 (PDT)
Received: by iwn38 with SMTP id 38so2766389iwn.31 for <hybi@ietf.org>; Mon, 26 Jul 2010 00:39:44 -0700 (PDT)
Received: by 10.231.146.134 with SMTP id h6mr8100306ibv.170.1280129983825; Mon, 26 Jul 2010 00:39:43 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id e8sm3410186ibb.14.2010.07.26.00.39.42 (version=SSLv3 cipher=RC4-MD5); Mon, 26 Jul 2010 00:39:42 -0700 (PDT)
Received: by iwn38 with SMTP id 38so2766363iwn.31 for <hybi@ietf.org>; Mon, 26 Jul 2010 00:39:42 -0700 (PDT)
Received: by 10.231.190.132 with SMTP id di4mr8212163ibb.78.1280129982186; Mon, 26 Jul 2010 00:39:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.79.85 with HTTP; Mon, 26 Jul 2010 00:39:22 -0700 (PDT)
In-Reply-To: <FA3856A4-FF29-430E-8BE4-3049F1E33A03@apple.com>
References: <AANLkTilfxps1wWjFrwrH_3Js6Q9E331AMKFRNHfeHcdL@mail.gmail.com> <AANLkTi=vPAnnK0=gE=YN10vt9b-f6sWXXcwK+La5SriO@mail.gmail.com> <623C6D70-B4AF-49EC-BA07-6F90BD0FFFBF@apple.com> <AANLkTi=Q-PVrdaWuOu3H=wUiphe6JB4C+LauSOXKozoY@mail.gmail.com> <AANLkTi=Z-Zw3gJAdwQMAqG5UUVnV_kgsGm3M_qQ2Bwt7@mail.gmail.com> <8B47440C-7CFD-442F-94E3-96A8EBE7D25D@apple.com> <AANLkTimRo_ubic96z3VgwexiOw0KJg10HQedmcuBs6jp@mail.gmail.com> <FA3856A4-FF29-430E-8BE4-3049F1E33A03@apple.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 26 Jul 2010 09:39:22 +0200
Message-ID: <AANLkTim14YJgikfeU9k84xMqtcFt0cdqJQZcsNmvt-Eo@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: hybi@ietf.org
Subject: Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 07:39:24 -0000
On Mon, Jul 26, 2010 at 7:15 AM, Maciej Stachowiak <mjs@apple.com> wrote: > On Jul 25, 2010, at 10:12 PM, John Tamplin wrote: > On Mon, Jul 26, 2010 at 1:03 AM, Maciej Stachowiak <mjs@apple.com> wrote: >> I think the idea here would be to use encryption solely to prevent the >> attacker from predicting either input or output bytes - in effect to >> scramble the bits, rather than to provide confidentiality. > > Ineffective encryption doesn't really pose a barrier to producing plain text > to produce a desired cipher text. Maybe if the key can't be controlled by > the attacker and varies on each packet, but it still seems like you are > playing with fire to say you don't have to use a secure encryption method to > prevent this. > > Let's see the details of Adam's idea before we discuss further. Sorry, I'm slightly distracted at the IETF meeting in Maastricht at the moment. Here's the main idea. Mike wanted to know if there was any way to avoid the round-trip in the current handshake (I think he views round-trips as quite expensive). That leaves us with the following requirements: 1) Zero round trips. 2) We can't send attacker-controlled bytes to the server before the server proves it understands web sockets. So how can we start sending content before hearing back from the server? The idea is to encrypt the bytes using a key that a WebSocket server can derive but that look uniformly at random to a non-WebSocket server. The easiest way to do this is for the client to send the server a nonce and then for the client and server to hash that nonce with a GUID that identifies the WebSocket protocol to generate an encryption key. You can then encrypt the attacker's content using that key (e.g., using AES, RC4, or whatever you like). Now, I should say this give slightly weaker security properties than a handshake that waits for the server to opt-in. For example, if the server falls over (or generates print jobs) when it receives random bytes, then we'll still get in trouble, but limiting the attacker to random bytes reduce the attack surface significantly. It's probably also a good idea to limit how much data we're willing to send before hearing back from the server, but this idea allows some flexibility beyond zero. There isn't really any dependency between the format of the handshake and this trick for saving the round-trip. You can build the entire handshake using this idea so that the server only receives random-looking bytes, but, as Maciej mentions, that makes it difficult to share with an HTTP server. You can also this this idea at the end of an HTTP-like handshake to get started sending data without waiting for the server to reply. Adam
- [hybi] Insight you need to know: Browsers are at … Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… Greg Wilkins
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Roderick Baier
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Scott Ferguson
- Re: [hybi] Insight you need to know: Browsers are… Roberto Peon
- Re: [hybi] Insight you need to know: Browsers are… Thomson, Martin
- Re: [hybi] Insight you need to know: Browsers are… Shelby Moore
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Shelby Moore
- Re: [hybi] Insight you need to know: Browsers are… Shelby Moore