Re: [hybi] Call for interest: multiplexing dedicated for WebSocket

Takeshi Yoshino <tyoshino@google.com> Thu, 30 May 2013 07:28 UTC

From: Takeshi Yoshino <tyoshino@google.com>
Date: Thu, 30 May 2013 16:28:14 +0900
Message-ID: <CAH9hSJYFa+bqN=e7x87W+Xvq-st70nbzUXniQaPme2fzspCjWA@mail.gmail.com>
To: Adam Rice <ricea@google.com>
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Call for interest: multiplexing dedicated for WebSocket

On Thu, May 30, 2013 at 1:12 PM, Adam Rice <ricea@google.com> wrote:

>> So d) - f) cannot be multiplexed over the same physical WS as a) - c)?
>>
>> Or can an implementation just "silently" transport a)-c) also over wss,
>> and hence multiplex all of a) - f) over 1 physical WS?
>>
>
> The handshake does not currently include the schema, so there would be no
> way to communicate to the server that a)-c) were supposed to be ws:, not
> wss:.
>

Right. I missed that point.


> Even if this was amended, both client and server would have to be
> careful that no ambient authority leaked from the wss: channels to the ws:
> channels. For example: the client would have to be careful not to send
> "secure" cookies with the ws: handshakes, and the server would have to be
> careful not to apply any authority contained in a client TLS certificate to
> the ws: logical channels.
>
> For this reason, I think it would be easiest not to attempt to multiplex
> ws: and wss: onto a single TCP/IP connection.
>

Compression contexts, etc. also need to be isolated carefully to protect them
from attacks like CRIME.
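
The isolation rules discussed in this message, sketched as an added example that is not part of the original email or of any multiplexing draft: Secure cookies and client-certificate authority are tied to the logical channel's scheme, and each logical channel gets its own DEFLATE context. The `LogicalChannel` class, the cookie jar and the sample values are hypothetical and constructed for illustration.

```python
import zlib
from dataclasses import dataclass, field

# Constructed sample cookie jar (illustrative values, not from the thread).
COOKIES = [
    {"name": "sid", "value": "7f3a9c41e2b85d06", "secure": True},
    {"name": "theme", "value": "dark", "secure": False},
]


@dataclass
class LogicalChannel:
    """Hypothetical model of one logical channel on a multiplexed connection."""
    channel_id: int
    scheme: str  # "ws" or "wss", as requested by the application
    # One raw DEFLATE context per logical channel: no shared history window.
    deflater: object = field(default_factory=lambda: zlib.compressobj(wbits=-15))

    def handshake_cookies(self):
        """Client side: Secure cookies go only on wss: logical channels."""
        return [c["name"] for c in COOKIES
                if self.scheme == "wss" or not c["secure"]]

    def principal(self, tls_client_cert_subject):
        """Server side: certificate authority applies only to wss: channels."""
        return tls_client_cert_subject if self.scheme == "wss" else None

    def send(self, payload: bytes) -> bytes:
        """Compress one message in this channel's context."""
        return (self.deflater.compress(payload)
                + self.deflater.flush(zlib.Z_SYNC_FLUSH))


def compressed_len_of_echo(shared_context: bool) -> int:
    """Size of a ws: message that repeats text already sent on a wss: channel."""
    secure, plain = LogicalChannel(1, "wss"), LogicalChannel(2, "ws")
    if shared_context:
        plain.deflater = secure.deflater  # the unsafe design: one context for both
    secret = b"Cookie: sid=7f3a9c41e2b85d06"
    secure.send(secret)
    return len(plain.send(secret))


if __name__ == "__main__":
    print("ws cookies: ", LogicalChannel(2, "ws").handshake_cookies())
    print("wss cookies:", LogicalChannel(1, "wss").handshake_cookies())
    print("echo length, shared context:  ", compressed_len_of_echo(True))
    print("echo length, isolated context:", compressed_len_of_echo(False))
```

With a shared context the ws: message shrinks to a back-reference into the wss: channel's history, so its length depends on wss: data; with isolated contexts it does not.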