Re: [hybi] Masking only Payload/Extension Data
Andy Green <andy@warmcat.com> Wed, 09 March 2011 07:45 UTC
Return-Path: <andy.warmcat.com@googlemail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ECD4F3A685D for <hybi@core3.amsl.com>; Tue, 8 Mar 2011 23:45:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.586
X-Spam-Level:
X-Spam-Status: No, score=-4.586 tagged_above=-999 required=5 tests=[AWL=1.013, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REdu7zM6mL0k for <hybi@core3.amsl.com>; Tue, 8 Mar 2011 23:45:57 -0800 (PST)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id BEDDF3A6822 for <hybi@ietf.org>; Tue, 8 Mar 2011 23:45:56 -0800 (PST)
Received: by wwa36 with SMTP id 36so191444wwa.13 for <hybi@ietf.org>; Tue, 08 Mar 2011 23:47:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:sender:message-id:date:from:user-agent :mime-version:to:cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=XApMwh8wCql0p/pmXBgCtRMHIWo/AP4wm2WNDBBL7Ow=; b=mfiJULMi9+MjFq78Rqb5ujl5FKFrZz5cRyqSNu+a7vGwfg2uRffmTgbNNZykGXrp7D wk0u7fkjxSWMKjY1I/YFyZ9CkW5LlqdbrOpBwyXLOPRy7+rrwnT/l+iDEdMfIZhUgpz0 tiOCxKKmGEKI4ZoCTBIRORMgIxqOLTZGuQENY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=ZXtPkJL0rbdFK33vScsj3kL3qp56cqGIkU8pGNo70J3VU80D4bKyyqEiEFM4+4rfBA qbA8ylZslyZZIKVKgkeewP75bzuH7vbICegCZmrCnYqiM2+Ppye0FYVD1BLBldi852uY KIiwqAJ3N+fLBmAq8KsRcGWgf6s5NpQjGgexs=
Received: by 10.227.174.199 with SMTP id u7mr5444679wbz.75.1299656832245; Tue, 08 Mar 2011 23:47:12 -0800 (PST)
Received: from otae.warmcat.com (cpc1-nrte21-2-0-cust677.8-4.cable.virginmedia.com [81.111.78.166]) by mx.google.com with ESMTPS id o6sm1247083wbo.21.2011.03.08.23.47.11 (version=SSLv3 cipher=OTHER); Tue, 08 Mar 2011 23:47:11 -0800 (PST)
Sender: Andy Green <andy.warmcat.com@googlemail.com>
Message-ID: <4D77307E.8080201@warmcat.com>
Date: Wed, 09 Mar 2011 07:47:10 +0000
From: Andy Green <andy@warmcat.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110302 Fedora/3.1.8-3.fc16 Thunderbird/3.1.8
MIME-Version: 1.0
To: Brian <theturtle32@gmail.com>
References: <AANLkTim7js6hPBMoEgmzr3gH-NuRYkEZ-pAePkgo=Q=L@mail.gmail.com>
In-Reply-To: <AANLkTim7js6hPBMoEgmzr3gH-NuRYkEZ-pAePkgo=Q=L@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Masking only Payload/Extension Data
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2011 07:45:58 -0000
On 03/09/2011 07:29 AM, Somebody in the thread at some point said: > In hope of getting consensus on the idea that only the payload and > extension data should be masked and not the framing itself, I took a > pass at adjusting sections 4.1 and 4.2 accordingly. It didn't take > much, just a few minor tweaks. > > What do you think? Any chance we could reach a rough consensus on > masking only the extension/payload data? +1 from me. It also solves Toni Ruottu's slightly exotic case where he might want to mask his server frames, since he can do that as a legit extension negotiated at handshake-time, stick his mask as first extension data, then and the framing and content structure is identical to masked client frames. I also remind folks that to set the clear length field in Javascript, you have to get the browser to accept to create an object of the requisite length. That extends past 1GB for 4 bytes of ASCII and 256GB for 5 bytes of ASCII starting with a letter. Since the next thing is defined to be the mask in extension data, 3 or 4 bytes of control is all you can realistically hope for. If you can knock over an intermediary with 4 bytes, then it will fall over anyway once every 4G frames that go through it and beyond caring about. -Andy
- [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data Pat McManus @Mozilla
- Re: [hybi] Masking only Payload/Extension Data Willy Tarreau
- Re: [hybi] Masking only Payload/Extension Data Joel Martin
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Willy Tarreau
- Re: [hybi] Masking only Payload/Extension Data Joel Martin
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Pat McManus @Mozilla
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Patrick McManus
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data Julian Reschke
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Salvatore Loreto