Re: [hybi] More on Payload Masking
John Tamplin <jat@google.com> Thu, 11 November 2010 19:30 UTC
Return-Path: <jat@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9FBEC3A6971 for <hybi@core3.amsl.com>; Thu, 11 Nov 2010 11:30:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.848
X-Spam-Level:
X-Spam-Status: No, score=-109.848 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AYM27pdANWpP for <hybi@core3.amsl.com>; Thu, 11 Nov 2010 11:30:13 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id 692063A69A5 for <hybi@ietf.org>; Thu, 11 Nov 2010 11:30:13 -0800 (PST)
Received: from kpbe19.cbf.corp.google.com (kpbe19.cbf.corp.google.com [172.25.105.83]) by smtp-out.google.com with ESMTP id oABJUgjT018808 for <hybi@ietf.org>; Thu, 11 Nov 2010 11:30:43 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1289503843; bh=B/iwr3TCQIbgUCGxR+xz0ZQVqSo=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=oXMetCVy4Bo9mDCYTIrSHzzy/EUNcIVY51jnO26nYU2iCIJtUL4AJDEdp/OsD1l8W ypq4Ooo1Za82OE7ZmCtZg==
Received: from ywf7 (ywf7.prod.google.com [10.192.6.7]) by kpbe19.cbf.corp.google.com with ESMTP id oABJUfPP018485 for <hybi@ietf.org>; Thu, 11 Nov 2010 11:30:41 -0800
Received: by ywf7 with SMTP id 7so232055ywf.8 for <hybi@ietf.org>; Thu, 11 Nov 2010 11:30:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type; bh=+r176HD+DkAnWXianh9S0bpx9DzN7xdpx5jMXUtyRaQ=; b=eE0LTm3AH2kTvbKC0N8pgleznQVkE+PTzGgEnugSn0nhqnCnlmGwTzzJ9Ht9vccZv+ k9mbobqAnWWIECuORyMg==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=HQEfyr18C3AjYQrwc9DwK2eIepNfG7wJ3mmzbK3ZTkXP8DMKTxMS+tRZ6Tnd8pWDM2 33KZyf0z3U0U98NY8Mng==
Received: by 10.151.158.12 with SMTP id k12mr2290376ybo.377.1289503841055; Thu, 11 Nov 2010 11:30:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.150.54.13 with HTTP; Thu, 11 Nov 2010 11:30:20 -0800 (PST)
In-Reply-To: <AANLkTimxxhJ3y+t+mtN-LHD+JY6Lnt2QQBtFJM36APJk@mail.gmail.com>
References: <AANLkTi=Q3oAM1rdqPHTLffN_yEGPCY9VM0CXPiNU4R79@mail.gmail.com> <AANLkTi=ACdGp535U_Lr3FWZbQGNLuRZSFatP7uBWtDtB@mail.gmail.com> <l5lmd6lv0dt84npcj00s1j6r20ul3sbv0f@hive.bjoern.hoehrmann.de> <AANLkTim9QaD5BKT3yvtOY=9ojKeKr8vV1SsG1s23ty=6@mail.gmail.com> <8qnmd6dgnpiq5mm1cui2eqhfkusc8c514d@hive.bjoern.hoehrmann.de> <AANLkTi=yUpKZ0RbWSZp6y+idkKnEY0HuHwNugHj8YC8+@mail.gmail.com> <AANLkTimxxhJ3y+t+mtN-LHD+JY6Lnt2QQBtFJM36APJk@mail.gmail.com>
From: John Tamplin <jat@google.com>
Date: Thu, 11 Nov 2010 14:30:20 -0500
Message-ID: <AANLkTikWr9GO_OBqjEC_0d5j30g21C+dfyxinRXwGZJ8@mail.gmail.com>
To: Zhong Yu <zhong.j.yu@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-System-Of-Record: true
Cc: Hybi <hybi@ietf.org>, Bjoern Hoehrmann <derhoermi@gmx.net>
Subject: Re: [hybi] More on Payload Masking
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 19:30:14 -0000
On Thu, Nov 11, 2010 at 2:15 PM, Zhong Yu <zhong.j.yu@gmail.com> wrote: >> Unless you can produce a particular encrypted counter value, the >> presence of XOR doesn't change the unforgeability. > > I assume we need a new counter for each WS frame? No, as it the encrypted counter is not predictable. > Isn't it equivalent, but simpler, if each WS frame payload is XOR-ed > by a random 128 bits mask. The mask is different from frame to frame, > generated by the sender, and carried within the frame. The point was that if the attacker knows the key, they can trivially produce arbitrary data after masking. If the UI chose a new random key for every frame, I think that would solve it but now we just added 16 bytes per frame after we worked so hard to keep the frame sizes down. If we are going to go that route, I would prefer to just say WebSocket doesn't support unencrypted connections (given the growing attacks against unencrypted connections maybe it isnt a bad idea anyway). -- John A. Tamplin Software Engineer (GWT), Google
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- Re: [hybi] More on Payload Masking Bjoern Hoehrmann
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Greg Wilkins
- Re: [hybi] More on Payload Masking Willy Tarreau
- Re: [hybi] More on Payload Masking Scott Ferguson
- Re: [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking John Tamplin
- Re: [hybi] More on Payload Masking Zhong Yu
- Re: [hybi] More on Payload Masking Brodie Thiesfield