Re: [hybi] Proposal: HTTP upgrade process
Maciej Stachowiak <mjs@apple.com> Mon, 16 August 2010 09:04 UTC
Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C648A3A697D for <hybi@core3.amsl.com>; Mon, 16 Aug 2010 02:04:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.779
X-Spam-Level:
X-Spam-Status: No, score=-105.779 tagged_above=-999 required=5 tests=[AWL=-0.669, BAYES_05=-1.11, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TzvtySHcnQRB for <hybi@core3.amsl.com>; Mon, 16 Aug 2010 02:04:26 -0700 (PDT)
Received: from mail-out3.apple.com (mail-out.apple.com [17.254.13.22]) by core3.amsl.com (Postfix) with ESMTP id D30A93A6960 for <hybi@ietf.org>; Mon, 16 Aug 2010 02:04:26 -0700 (PDT)
Received: from relay13.apple.com (relay13.apple.com [17.128.113.29]) by mail-out3.apple.com (Postfix) with ESMTP id B6E83A3500CA for <hybi@ietf.org>; Mon, 16 Aug 2010 02:05:02 -0700 (PDT)
X-AuditID: 1180711d-b7bd5ae0000018e2-bd-4c68ff3ee9b9
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay13.apple.com (Apple SCV relay) with SMTP id 9C.72.06370.E3FF86C4; Mon, 16 Aug 2010 02:05:02 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from [17.151.110.213] by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0L7800GX7MKER230@et.apple.com> for hybi@ietf.org; Mon, 16 Aug 2010 02:05:02 -0700 (PDT)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <AANLkTi=aR8+LgcoXDVhuu-HC2k3TB6YP2WcXEo8yC1Jz@mail.gmail.com>
Date: Mon, 16 Aug 2010 02:05:01 -0700
Message-id: <A311A6D0-B88B-4842-867C-A9D254DE0132@apple.com>
References: <AANLkTi=aR8+LgcoXDVhuu-HC2k3TB6YP2WcXEo8yC1Jz@mail.gmail.com>
To: Greg Wilkins <gregw@webtide.com>
X-Mailer: Apple Mail (2.1081)
X-Brightmail-Tracker: AAAAAQAAAZE=
Cc: hybi@ietf.org
Subject: Re: [hybi] Proposal: HTTP upgrade process
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2010 09:04:27 -0000
On Aug 15, 2010, at 6:23 PM, Greg Wilkins wrote: > All, > > there has been a lot of posting about the -76/-00 style handshake, > it's HTTP compliance issues, it's fast fail (or otherwise) > characteristics, it security features etc. I don't think any of the > conversations have been very productive nor is there any apparent > convergence on a solution. > > I think the reason for his is that we are starting with a solutions > (the 8 random bytes etc.) and trying to reverse engineer the > requirements for it and a retrospective consensus for it's inclusion > into the draft. Thus I would like to propose that we re-start > consideration of the handshake with the -75 style handshake and try to > move forward from there by identifying problems/requirements, > discussing solutions and then applying the consensus solution to move > forward. It's not clear to me if the random 8 bytes have been sufficiently justified. My understanding is that it's intended as a fast-fail mechanism for problematic intermediaries, but I don't think it's been demonstrated that it works. However, I do not think reverting to an earlier version of the protocol would be a productive step: (1) The WG adopted the -76 version. It seems reasonable to me that we should move forward from there. Jumping back to earlier versions will just force us to re-solve various problems. (2) The -75 version had significant vulnerability to cross-protocol attacks, which is a critical security issue. While -76 is not the best effort we've seen, it is far better than -75. These security fixes are not all dependent on the magic 8 bytes. I think it would be irrational to revert critical security security fixes over a tangentially related issue. (3) At the time of the -75 draft, it was claimed by many WG that it was not HTTP compliant. If that is indeed the case, then I do not see what purpose is served by trading the non-HTTP-compliance of -76 for the different non-HTTP-compliance of -75. Conclusion: we should solve the "8 random bytes" problem, or at least, figure out if the benefits outweigh the costs, but not by reverting to an earlier draft. Regards, Maciej
- Re: [hybi] Proposal: HTTP upgrade process Vladimir Katardjiev
- [hybi] Proposal: HTTP upgrade process Greg Wilkins
- Re: [hybi] Proposal: HTTP upgrade process Willy Tarreau
- Re: [hybi] Proposal: HTTP upgrade process Maciej Stachowiak
- Re: [hybi] Proposal: HTTP upgrade process Daniel Stenberg
- Re: [hybi] Proposal: HTTP upgrade process Shelby Moore
- Re: [hybi] Proposal: HTTP upgrade process Vladimir Katardjiev
- Re: [hybi] Proposal: HTTP upgrade process Willy Tarreau
- Re: [hybi] Proposal: HTTP upgrade process Vladimir Katardjiev
- Re: [hybi] Proposal: HTTP upgrade process Salvatore Loreto
- Re: [hybi] Proposal: HTTP upgrade process Shelby Moore