Re: [hybi] Intermediaries and idle connections (was Re: Technical feedback.)

Jamie Lokier <jamie@shareable.org> Mon, 01 February 2010 00:59 UTC

Date: Mon, 01 Feb 2010 01:00:22 +0000
From: Jamie Lokier <jamie@shareable.org>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Hybi <hybi@ietf.org>

Maciej Stachowiak wrote:
>    As I understand it, the reason is security. If you strictly limit the
>    format of the handshake interchange, then it's less likely that
>    WebSocket could be abused to talk to a non-WebSocket server - if you
>    need to trick it into echoing back something very specific, that's a
>    harder problem. It also makes the checks that the handshake was
>    correct simpler and therefore potentially more robust.

With that goal, it would be better to make the handshake response
*not* valid HTTP, and deliberately choose something that no HTTP
server would produce and no HTTP proxy would be likely to relay.

That would be better for security and for blocking relay through
unaware proxies, both of which are stated goals for the protocol.

-- Jamie