Re: [hybi] RFC 6455 Client-Server Masking
Steven Atkinson <steven.atkinson@kaazing.com> Fri, 12 April 2013 18:30 UTC
Return-Path: <steven.atkinson@kaazing.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A67121F8D14 for <hybi@ietfa.amsl.com>; Fri, 12 Apr 2013 11:30:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.425
X-Spam-Level:
X-Spam-Status: No, score=-0.425 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KhzJQF7D-UIk for <hybi@ietfa.amsl.com>; Fri, 12 Apr 2013 11:30:36 -0700 (PDT)
Received: from mail-vb0-x230.google.com (mail-vb0-x230.google.com [IPv6:2607:f8b0:400c:c02::230]) by ietfa.amsl.com (Postfix) with ESMTP id 30A8821F8C3C for <hybi@ietf.org>; Fri, 12 Apr 2013 11:30:35 -0700 (PDT)
Received: by mail-vb0-f48.google.com with SMTP id p13so2330050vbe.7 for <hybi@ietf.org>; Fri, 12 Apr 2013 11:30:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=2la0dYfFKlw1SKmckkoXxDrEeJdDNFNUjWgytWZlNnQ=; b=niskjOM43uPlLZmJeqfiEMfDRQ+66K1vUi0FnkPFC8YYTV37QnYGEdsV1pvdhxdMBt WOeH3+pTi3SSwkebZaE1BOFT0HLRq3mSsAhqTqv6n/P4HXCGDAnUUIEwcWgVBvZgDz9w VtNTMd2BmDxISQn+WswMcr3v0larycUuvr9Jwwr+kwKScLHMimvW+K5Y0EXQ5HeXuh66 7kg+wxE3aI+h+ZTLJo5qL4XVCgFbZzifgGml3ZW898r+uvEo/yPeYbDYGURPFVujiC10 IBDETnd6SeHOYWdLnN46Hmk2RkEnb6KSwyra6ElR+tdKCbvLp8wSWFKw9H4PiREV+5fI h69Q==
MIME-Version: 1.0
X-Received: by 10.52.232.196 with SMTP id tq4mr7928995vdc.15.1365791435169; Fri, 12 Apr 2013 11:30:35 -0700 (PDT)
Received: by 10.58.209.234 with HTTP; Fri, 12 Apr 2013 11:30:35 -0700 (PDT)
X-Originating-IP: [64.71.23.251]
In-Reply-To: <C999964D-E0F6-45A7-A0A1-AE36AEAF4315@gmail.com>
References: <5105BF2D.50104@googlemail.com> <C999964D-E0F6-45A7-A0A1-AE36AEAF4315@gmail.com>
Date: Fri, 12 Apr 2013 11:30:35 -0700
Message-ID: <CALr5ZcVe4Pek373d42V3KfcdO07ZJ4w54Gw98VA-NMM4kmGBBw@mail.gmail.com>
From: Steven Atkinson <steven.atkinson@kaazing.com>
To: Brian McKelvey <theturtle32@gmail.com>
Content-Type: multipart/alternative; boundary="089e01184abe54bb8804da2e19cb"
X-Gm-Message-State: ALoCoQmAhhGdddvMLURbH/eMfZBsAo48+t+5UKhOJoNpwbywlIeDRcOXR9gDWiGTsXsJbQBr+9Sx
Cc: "hybi@ietf.org" <hybi@ietf.org>, "denis.m.f.mcmahon@googlemail.com" <denis.m.f.mcmahon@googlemail.com>
Subject: Re: [hybi] RFC 6455 Client-Server Masking
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2013 18:30:37 -0000
To really boil this down to it's essentials, as far as I understand the masking, it's so that proxies cannot be confused or tricked into caching HTTP content when they are not supposed to. Consider using a WebSocket for sending HTTP request messages *within the envelope* of a WebSocket message. In this case, we would want to avoid proxies picking up the enveloped payload by mistake and caching it, otherwise an attacker could maliciously poison the cache of a proxy by sending HTTP content inside WebSocket messaging to purposefully control proxy behavior. The masking prevents/makes this harder because the payload will no longer look like HTTP and will be less likely to be misinterpreted by the proxy. One perhaps better alternative would have been to never mask, and mandate that WSS be the default, and that no plain-text WebSockets would be allowed. That way, we get "confusion" avoidance for intermediaries, but also get confidentiality and non-repudiation security properties. On Sun, Jan 27, 2013 at 5:26 PM, Brian McKelvey <theturtle32@gmail.com>wrote: > The purpose of the masking has nothing to do with preventing eavesdropping > or interception. It's meant to prevent malicious javascript running in a > web browser from connecting to arbitrary non-websocket services, or from > tricking http-unaware proxies into doing the attacker's bidding, caching > malicious data, etc. > > It's about preventing browsers from initiating attacks against > unsuspecting services, not about preventing eavesdropping or securing the > privacy of data in transit. The use of TLS with WebSockets is required for > that. > > Brian > > Sent from my iPhone > > On Jan 27, 2013, at 3:58 PM, Denis McMahon < > denis.m.f.mcmahon@googlemail.com> wrote: > > > The unpredictability of the masking key is essential to prevent authors > > of malicious applications from selecting the bytes that appear on the > wire. > > > > From this statement, I assume that the purpose of masking is "to prevent > > authors of malicious applications from selecting the bytes that appear > > on the wire." > > > > -= However =- > > > > The masking key is transmitted as part of the packet, and appears as 4 > > bytes ABCD. This is like sending data inside a locked casket for > > security, WITH THE KEY SAFELY TIED TO THE CASKET! > > > > It follows from the protocol description that to detect any arbitrary > > sequence of n bytes in length, it is merely necessary to determine the > > four possible bit sequences that those bytes might represent, and > > monitor for all four of those bit sequences. > > > > The masking sequence for any N bytes of data will be one of four > > sequences, based on the mask bytes ABCD: > > > > 012345678.....n > > ABCDABCDA...... > > BCDABCDAB...... > > CDABCDABC...... > > DABCDABCD...... > > > > Given any sequence b1 ... bn which the attacker wishes to detect, the > > attacker simply has to combine, for each frame, b1 ... bn with each of > > the 4 possible sequences of n bytes in length of masking bytes, and > > listen for all 4 sequences. Computationally this is a trivial exercise! > > > > This mechanism does nothing to significantly increase the difficulty of > > a malicious application listening to the bytes on the wire with the > > intention of detecting specific patterns. > > > > It would be much better if the protocol dropped the masking concept, > > stated that it makes no attempt to protect data from eavesdropping or > > interception, and made the recommendation that if data security is > > desired, then appropriate transport layer security eg RFC 5246 TLS1.2 / > > RFC 6101 SSL3.0 should be employed. > > > > Denis McMahon > > > > _______________________________________________ > > hybi mailing list > > hybi@ietf.org > > https://www.ietf.org/mailman/listinfo/hybi > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi > -- Sincerely, Steve Atkinson Software Engineer >|< Kaazing Corporation, CA USA >|<
- [hybi] RFC 6455 Client-Server Masking Denis McMahon
- Re: [hybi] RFC 6455 Client-Server Masking Brian McKelvey
- Re: [hybi] RFC 6455 Client-Server Masking Steven Atkinson
- Re: [hybi] RFC 6455 Client-Server Masking Martin Thomson
- Re: [hybi] RFC 6455 Client-Server Masking Bruce Atherton