IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Adam Barth <ietf@adambarth.com> Wed, 06 October 2010 01:10 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C06573A70BF for <hybi@core3.amsl.com>; Tue, 5 Oct 2010 18:10:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[AWL=-0.022, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0aproW7z+OK for <hybi@core3.amsl.com>; Tue, 5 Oct 2010 18:10:51 -0700 (PDT)
Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com [209.85.216.54]) by core3.amsl.com (Postfix) with ESMTP id 211223A70BE for <hybi@ietf.org>; Tue, 5 Oct 2010 18:10:47 -0700 (PDT)
Received: by qwd6 with SMTP id 6so449663qwd.27 for <hybi@ietf.org>; Tue, 05 Oct 2010 18:11:46 -0700 (PDT)
Received: by 10.224.65.228 with SMTP id k36mr8680153qai.35.1286327506132; Tue, 05 Oct 2010 18:11:46 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id p30sm177079vcf.2.2010.10.05.18.11.44 (version=SSLv3 cipher=RC4-MD5); Tue, 05 Oct 2010 18:11:45 -0700 (PDT)
Received: by iwn3 with SMTP id 3so10737971iwn.31 for <hybi@ietf.org>; Tue, 05 Oct 2010 18:11:43 -0700 (PDT)
Received: by 10.231.35.66 with SMTP id o2mr5202503ibd.30.1286327502086; Tue, 05 Oct 2010 18:11:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.149.20 with HTTP; Tue, 5 Oct 2010 18:11:11 -0700 (PDT)
In-Reply-To: <4CABCBFA.6020100@caucho.com>
References: <AANLkTikszM0pVE-0dpZ2kv=i=y5yzS2ekeyZxtz9N=fQ@mail.gmail.com> <20100928052501.GD12373@1wt.eu> <CA8029B0-71A3-44ED-88C6-934FE833BBA2@apple.com> <AANLkTim+fXj-h6OS3OdcfVfh3Q1UwxD8NLVawb=AWHX+@mail.gmail.com> <4FAC5C93-9BDF-4752-AFBC-162D718397AB@apple.com> <AANLkTikcH1W3bQwumqHbe-Yqa3XdoJqCa2b-mZuvoQ7g@mail.gmail.com> <9746E847-DC8B-45A7-ADF3-2ADB9DA7F82E@apple.com> <AANLkTik9igUwoxVrktoBoZrPoUW=Tjh7HyVbGJgQYes-@mail.gmail.com> <9F595226-FA0A-4C38-A6D0-0F4214BD7D21@apple.com> <4CA4BE10.1010709@caucho.com> <AANLkTi=wKFnNOuM+U3fktAFRn3R5OZ7c6PR2W3EAy7tm@mail.gmail.com> <4CA53E6B.1040808@caucho.com> <AANLkTikOyvF5AHTf4sDD=rWmK2FTD6R6LaHa4KTqkbcm@mail.gmail.com> <4CA68098.8010404@caucho.com> <AANLkTinYhW9MnnM3tkbCWziePyM7mFUEteKhw5OGp-eS@mail.gmail.com> <AANLkTi=_ejOCNiM49VW5q05=H7-M0jzAvXvGaKM1b7mX@mail.gmail.com> <AANLkTimyJj+Jxz1Q6fLrQ8iosGkD+0shUh3=td+jX_Do@mail.gmail.com> <4CA772A1.2090808@caucho.com> <AANLkTi=nLixtxMEd4B58Zp5FRbquNX2C_=7gCf9BGGQs@mail.gmail.com> <4CABCBFA.6020100@caucho.com>
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 05 Oct 2010 18:11:11 -0700
Message-ID: <AANLkTi=5wbCXWpOtUQT1MndgCxt9gj6uR_3U=nONpjKc@mail.gmail.com>
To: Scott Ferguson <ferg@caucho.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2010 01:10:55 -0000

On Tue, Oct 5, 2010 at 6:08 PM, Scott Ferguson <ferg@caucho.com> wrote:
> Adam Barth wrote:
>> On Sat, Oct 2, 2010 at 10:57 AM, Scott Ferguson <ferg@caucho.com> wrote:
>>> Your DNS example did not weaken requirement #1, because it didn't
>>> identify a
>>> server or proxy that could calculate the hash. Your "relay back" either
>>> used
>>> the browser itself as a websocket proxy or it meant time travel.
>>
>> I'm not sure you understood the DNS example correctly.  The forged DNS
>> request is for foo.attacker.com, which means the nonce is sent to the
>> attacker's DNS server.  The attacker's DNS server can easily compute
>> the HMAC and send it back in a DNS response.  The HMAC will then get
>> relayed through the DNS and returned to the browser.
>
> If you assume the hijacker has control of a DNS server to act as a proxy,
> you may as well assume he has control of an actual WebSocket server to act
> as a proxy.

Huh?  That doesn't make any sense.  If you run a stock DNS server, it
will proxy lots of information from authoritative DNS servers around
the world.  That's the whole point of DNS.

Adam

v2.23.0 | Report a Bug | By Email