Re: [hybi] Handshake was: The WebSocket protocol issues.

Greg Wilkins <gregw@webtide.com> Sat, 09 October 2010 00:40 UTC


On 9 October 2010 11:36, Adam Barth <ietf@adambarth.com> wrote:
> Requiring existing servers to update themselves to be secure from new
> browser features is a non-starter.

Existing servers must continually update their operating systems and
server software if they are to stay secure.

So I agree that requiring an update in order to secure websockets is
not reasonable. But I do believe that we could add some extra levels
of defence and close off some areas where we may have some slight
concerns, by proposing some reasonable updates to add some more layers
of defence and these would be applied to a large proportion of servers
in a reasonable time frame.

regards