Re: [hybi] hybi Digest, Vol 51, Issue 14

Scott Morgan <scott@adligo.com> Tue, 28 May 2013 19:44 UTC


Hi,

    Also what will happen if multiple to the multiplexed ws if one of two
browser tabs calls close on the ws connection?
   Does the other tab force keep the ws connection open?
   Does the other tab have to auto recover and reopen the connection?

Sorry if I missed this somewhere in the drafts.
Just my 2cents.

   It's important for an attempt to block browser ip address spoofing on the
first ws connection in the following use case:

1. Browser connects to a wss server
2. User does some authentication (i.e. user id, password)
3. wss server does authentication using user id, password and ip address
(for either some privileges or as an additional authentication parameter for
a success fail style authentication)
4. after successful auth message at the browser an the wss connection is
closed
 and a different wss is opened on the same port with a different path in
the url
5. The wss server only allows the different wss connection to open if there
is a http session from the original wss connection from the same ip address
of the first connection.

Not that this is a foolproof solution to ip address spoofing, but it would
at least provide some level of ip address spoofing support (as the spoofer
would need to know that it had to spoof twice).  If the connection stayed
open, the original spoof would remain in effect and this sort of attempt to
block ip address spoofing would be rendered completely ineffective.

Cheers,
Scott



On Tue, May 28, 2013 at 2:00 PM, <hybi-request@ietf.org> wrote:

> Today's Topics:
>
>    1. Re: Call for interest: multiplexing dedicated for WebSocket
>       (Takeshi Yoshino)
>    2. Re: I-D Action: draft-ietf-hybi-permessage-compression-09.txt
>       (Takeshi Yoshino)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 May 2013 15:22:39 +0900
> From: Takeshi Yoshino <tyoshino@google.com>
> To: Tobias Oberstein <tobias.oberstein@tavendo.de>
> Cc: "hybi@ietf.org" <hybi@ietf.org>
> Subject: Re: [hybi] Call for interest: multiplexing dedicated for
>         WebSocket
> Message-ID:
>         <
> CAH9hSJaAzpmkm2fvALma5YPhWs-E+5u1vOxdLZggJyJgEYGRUQ@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Mon, May 27, 2013 at 8:59 PM, Tobias Oberstein <
> tobias.oberstein@tavendo.de> wrote:
>
> > >>However, when running _different_ apps on the same device connecting to
> > the same origin,
> >
> > >You meant same ws:// address?
> >
> > Yes, sorry not origin.
> >
> > I had a look into the MUX RFC again .. couldn't find answer to the
> > following (may have missed sth):
> >
>
> It's not yet specified.
>
>
> > What WS addresses would be eligible to be multiplexed over a single WS
> > connection?
> >
> > a) ws://somehost.com:999/
> > b) ws://somehost.com:999/foo
> > c) ws://somehost.com:999/bar
> >
> > d) wss://somehost.com:999/
> > e) wss://somehost.com:999/foo
> > f) wss://somehost.com:999/bar
> >
> > All of a) - f) are to the same target IP:port and hence could share the
> > same TCP.
> >
>
> I think it's fine.
>
>
> > However, d) - f) use wss, and hence have a TLS handshake right after TCP
> > establishment.
> >
>
> Right unless TLS parameters differ (such as client cert) between paths.
>
> See also SPDY's CREDENTIAL frame.
>
> https://github.com/grmocg/SPDY-Specification/blob/gh-pages/draft-mbelshe-spdy-00.txt
>
>
> > So d) - f) cannot be multiplexed over the same physical WS as a) - c)?
> >
>
> It's fine and up to the client.
>
>
> > Or can an implementation just "silently" transport a)-c) also over wss,
> > and hence multiplex all of a) - f) over 1 physical WS?
> >
> > Lastly, a)-c) are to the same target IP:port and also WS schema (ws, not
> > wss) - and hence can be multiplexed over 1 physical WS even though they
> are
> > to different URL paths?
> >
> > IOW: in the context of ws-mux, what is "same target"?
>
>
> Basically ip:port. We don't need to isolate them based on hostname, I
> believe, unless it's required by some security/privacy policy.
>
> ------------------------------
>
> Message: 2
> Date: Tue, 28 May 2013 16:19:18 +0900
> From: Takeshi Yoshino <tyoshino@google.com>
> To: "hybi@ietf.org" <hybi@ietf.org>
> Subject: Re: [hybi] I-D Action:
>         draft-ietf-hybi-permessage-compression-09.txt
> Message-ID:
>         <CAH9hSJYa8QA9VkOwS6GEr0+8iJcnQcpMy3X_fKwGQOuJRr=
> sEw@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all,
>
> Please post your opinions and experience (implemented, faced any
> difficulties, found issues, etc.).
>
>
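The five-step flow from the message above, sketched as server-side state. This is an added example, not code from the message or from any hybi draft; `HandoffGate`, the session token, and the 60-second window are assumptions made for illustration.

```python
import ipaddress
import secrets
import time
from dataclasses import dataclass

SESSION_TTL = 60.0  # assumed: seconds allowed between auth and the second connection


def canonical_ip(addr):
    """Normalise a peer address so ::ffff:a.b.c.d compares equal to a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


@dataclass
class Session:
    peer_ip: object
    created: float
    first_closed: bool = False


class HandoffGate:
    """Hypothetical state for steps 3-5. peer_ip must be the TCP socket's peer
    address as seen by the server, never a client-supplied header value."""

    def __init__(self, now=time.monotonic):
        self._sessions, self._now = {}, now

    def authenticated(self, peer_ip):
        """Step 3: credentials were verified elsewhere; bind a session to the peer."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(canonical_ip(peer_ip), self._now())
        return token

    def first_connection_closed(self, token):
        """Step 4: record that the authenticating connection is gone."""
        if token in self._sessions:
            self._sessions[token].first_closed = True

    def admit_second(self, token, peer_ip):
        """Step 5: decide whether the connection on the other path may open."""
        s = self._sessions.get(token)
        if s is None:
            return "deny:no-session"
        if self._now() - s.created > SESSION_TTL:
            del self._sessions[token]
            return "deny:expired"
        if not s.first_closed:
            return "deny:first-connection-still-open"
        if canonical_ip(peer_ip) != s.peer_ip:
            return "deny:ip-mismatch"
        del self._sessions[token]  # single use: one handoff per authentication
        return "allow"
```

The `deny:first-connection-still-open` branch corresponds to the case the message raises: a channel multiplexed over the still-open first connection gives the server no second peer address to compare against the stored one.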