IETF Logo Mail Archive

Re: [hybi] Call for interest: multiplexing dedicated for WebSocket

Tobias Oberstein <tobias.oberstein@tavendo.de> Thu, 30 May 2013 18:44 UTC

Return-Path: <tobias.oberstein@tavendo.de>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6792221F8F11 for <hybi@ietfa.amsl.com>; Thu, 30 May 2013 11:44:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eCg79U-XAXkv for <hybi@ietfa.amsl.com>; Thu, 30 May 2013 11:44:00 -0700 (PDT)
Received: from EXHUB020-4.exch020.serverdata.net (exhub020-4.exch020.serverdata.net [206.225.164.31]) by ietfa.amsl.com (Postfix) with ESMTP id 791CA21F8F9E for <hybi@ietf.org>; Thu, 30 May 2013 11:44:00 -0700 (PDT)
Received: from [78.42.145.191] (78.42.145.191) by smtpx20.serverdata.net (206.225.164.36) with Microsoft SMTP Server (TLS) id 8.3.264.0; Thu, 30 May 2013 11:43:58 -0700
Message-ID: <51A79DF0.5060901@tavendo.de>
Date: Thu, 30 May 2013 20:44:00 +0200
From: Tobias Oberstein <tobias.oberstein@tavendo.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Roberto Peon <fenix@google.com>
References: <CAH9hSJZxr+aG7GZa4f-dUOTGj4bnJ+3XxivUX4jei5CMyqN4LQ@mail.gmail.com> <634914A010D0B943A035D226786325D4422C319646@EXVMBX020-12.exch020.serverdata.net> <CAH9hSJYrrbSM3TTSKCQ=AMcwCfE4zqNAa1kuAvecrXZTLqy2gQ@mail.gmail.com> <634914A010D0B943A035D226786325D4422C3DA774@EXVMBX020-12.exch020.serverdata.net> <CAHixhFrTk79A07BjQCgvep_+bmA4rGG1ZvqmoS6gsQYNPyPoZA@mail.gmail.com> <CAH9hSJYFa+bqN=e7x87W+Xvq-st70nbzUXniQaPme2fzspCjWA@mail.gmail.com> <51A70DF9.5010601@tavendo.de> <CAGzyod6daSOvAVHU6B=Qr0xDqNca_8iXrFYr0gTGdqZPryFFpA@mail.gmail.com>
In-Reply-To: <CAGzyod6daSOvAVHU6B=Qr0xDqNca_8iXrFYr0gTGdqZPryFFpA@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Call for interest: multiplexing dedicated for WebSocket
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 18:44:05 -0000

Am 30.05.2013 20:28, schrieb Roberto Peon:
> Different schemas have nothing to do with the CRIME attack.
> A pure HTTPS or WSS scheme could still be attacked with CRIME, with its
> success depending on the way the compression mechanism works.
> With the current HTTP/2 proposals it would be pretty difficult to attack
> using the techniques in the CRIME attack.
>
> The way CRIME works is to have a 3rd party include links to the
> site-to-attack. Thus it doesn't matter if the schemes are http, https,
> ws, wss, whatever.
> So, a restriction against muxing ws and wss together makes no sense as
> it provides no security benefit for CRIME.

What about the other issues listed?

Example:

An app first connect to a ws: address. Then the app opens a 2nd 
connection over wss: to the same target (IP:port) sending some sensitive 
information (either in cookies or in payload) relying on the presumed 
privacy/encryption provided by wss:.

An implementation of MUX might run the 2nd wss: connection as a logical 
WS connection over an _unencrypted_ physical ws: that was established in 
the first place upon the app opening the 1st ws: connection.

So at least the implementation must not mux logical wss: over physical ws:.

Transporting logical ws: over physical wss: seems less problematic.


> -=R
>
>
> On Thu, May 30, 2013 at 1:29 AM, Tobias Oberstein
> <tobias.oberstein@tavendo.de <mailto:tobias.oberstein@tavendo.de>> wrote:
>
>     Am 30.05.2013 09:28, schrieb Takeshi Yoshino:
>>     On Thu, May 30, 2013 at 1:12 PM, Adam Rice <ricea@google.com
>>     <mailto:ricea@google.com>> wrote:
>>
>>             So d) - f) cannot be multiplexed over the same physical WS
>>             as a) - c)?
>>
>>             Or can an implementation just "silently" transport a)-c)
>>             also over wss, and hence multiplex all of a) - f) over 1
>>             physical WS?
>>
>>
>>         The handshake does not currently include the schema, so there
>>         would be no way to communicate to the server that a)-c) were
>>         supposed to be ws:, not wss:.
>>
>>
>>     Right. I missed that point.
>>
>>         Even if this was amended, both client and server would have to
>>         be careful that no ambient authority leaked from the wss:
>>         channels to the ws: channels. For example: the client would
>>         have to be careful not to send "secure" cookies with the ws:
>>         handshakes, and the server would have to be careful not to
>>         apply any authority contained in a client TLS certificate to
>>         the ws: logical channels.
>>
>>         For this reason, I think it would be easiest not to attempt to
>>         multiplex ws: and wss: onto a single TCP/IP connection.
>>
>>
>>     Compression contexts, etc. also need to be isolated carefully to
>>     protect it from attack like CRIME.
>
>     I also agree with Adam. To summarize, given the possible "issues" of
>
>     - client cert based auth
>     - "secure" cookies / ambient authority
>     - compression contexts / CRIME
>
>     (plus complexities like: what if an app opens ws://domain.com, and
>     then _later_ opens wss://domain.com? Upgrade to TLS not possible
>     anymore .. cannot TLS handshake in the middle of an already
>     established non-TLS TCP where some traffic already traveled .. the
>     WS handshake at least.)
>
>     I think it would be good to include explicit text into the MUX
>     draft, e.g.
>
>     """
>     An implementation MUST NOT multiplex multiple logical channels to
>     WebSocket addresses with different schemes (ws: versus wss:) on a
>     single physical WebSocket connection.
>
>     For example, two WebSocket connections to ws://domain.com and
>     wss://domain.com must not be shared on a single physical WebSocket
>     connection to domain.com <http://domain.com>.
>     """
>
>     I also think it would be helpful to include explicit text describing
>     what WebSocket addresses are eligible for sharing, e.g.
>
>     """
>     An implementation MAY multiplex multiple logical channels to
>     different WebSocket addresses if and only if the WebSocket addresses
>     share the same WebSocket scheme, the hostname resolves to the same
>     IP address and the same port.
>
>     For example, connections to all of the following WebSocket addresses
>     may be multiplexed over a single physical WebSocket connection
>     (assum domain.com <http://domain.com>, domain2.com
>     <http://domain2.com> and sub1.domain.com <http://sub1.domain.com>
>     all resolve to the same IP address):
>
>     ws://domain.com
>     ws://domain.com:80
>     ws://domain.com/foo
>     ws://domain.com:80/foo
>     ws://domain.com/bar
>     ws://domain2.com
>     ws://sub1.domain.com
>     ws://sub1.domain.com:80
>     ws://sub1.domain.com:80/bar
>
>     Note: When a WS address does not specify an explicit port, the port
>     is the default port for the given WS scheme (ws: = 80 and wss: = 443).
>     """
>
>
>
>
>     /Tobias
>
>
>     _______________________________________________
>     hybi mailing list
>     hybi@ietf.org <mailto:hybi@ietf.org>
>     https://www.ietf.org/mailman/listinfo/hybi
>
>

v2.23.0 | Report a Bug | By Email