[hybi] "fresh" and "uniformly at random":
"Arman Djusupov" <arman@noemax.com> Fri, 17 June 2011 13:33 UTC
From: Arman Djusupov <arman@noemax.com>
To: hybi@ietf.org
Date: Fri, 17 Jun 2011 16:32:48 +0300
Message-ID: <000401cc2cf3$106d37d0$3147a770$@noemax.com>
Hello,

Reading carefully the following paragraph I was left wondering what is exactly meant by the use of "fresh" and "uniformly at random":

"When preparing a masked frame, the client MUST pick a fresh masking key uniformly at random from the set of allowed 32-bit values. The unpredictability of the masking key is essential to prevent the author of malicious applications from selecting the bytes that appear on the wire."

Could we use a term other than "fresh" and also clarify what "uniformly at random" means? This is a "MUST" section so it should be absolutely clear and proper in its wording. As it is now it seems to possibly be a bit vulnerable to being read in "uniformly at random" ways and open to a "fresh" interpretation by each implementor :)

With best regards,
Arman

> -----Original Message-----
> From: hybi-bounces@ietf.org [mailto:hybi-bounces@ietf.org] On Behalf Of
> Peter Saint-Andre
> Sent: Friday, June 17, 2011 2:49 AM
> To: hybi@ietf.org
> Subject: [hybi] -09: sending, closing, errors, extensions
>
> More comments...
>
> Section 6.1 states:
>
>    5. If the data is being sent by the client, the frame(s) MUST be
>       masked as defined in Section 4.3.
>
> Section 6.2 states:
>
>    Data frames received by a server from a client MUST be unmasked as
>    described in Section 4.3.
>
> The word "unmasked" makes it sound like this contradicts the text in Section
> 6.1 -- as in, "must not be masked" as opposed to "the server shall remove
> the masking applied by the client".
>
> In Section 7, the text about the close /reason/ makes it sound as if an
> application might choose to show UTF-8 encoded data to an end user. That
> might lead the reader to think that language tagging might be necessary.
> Is it?
>
> In Section 8.2, there is no deterministic server behavior upon receiving data
> that is not valid UTF-8. Why? What use cases would motivate accepting such
> data instead of just closing the connection?
>
> Section 9.1 says:
>
>    Any extension-token used MUST either be a registered token
>    (registration TBD), or have a prefix of "x-" to indicate a private-
>    use token.
>
> It's probably not a good idea to have "registration TBD" in a document that is
> going for IETF Last Call. :) Presumably a forward pointer to Section 11.6 would
> suffice.
>
> Do we really want to encourage use of "x-"? See here for relevant
> considerations (I plan to submit an updated version soon):
>
> http://tools.ietf.org/id/draft-saintandre-xdash-considered-harmful-01.txt
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/
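The MUST clause Arman quotes, together with the client-masks / server-unmasks requirements Peter quotes from Sections 6.1 and 6.2, in working form. This is an added example, not code from the thread or from any WebSocket implementation: "fresh" is realised by drawing a new key for every frame, and "uniformly at random" by taking the four octets from the operating system's cryptographic generator rather than a seeded or application-controlled PRNG. The XOR transform (payload octet i XORed with key octet i mod 4) is the one the draft's Section 4.3 (RFC 6455 Section 5.3) defines; the function names, the frame-length encoding helper and the sample payload are my own.

```python
"""Client-side WebSocket masking with a fresh, uniformly random key per frame,
and the matching server-side check that a client frame is in fact masked."""
import secrets
import struct
from typing import List, Optional, Tuple


def new_masking_key() -> bytes:
    # secrets.token_bytes reads the OS CSPRNG, so each of the 2**32 possible
    # keys is equally likely and the value cannot be predicted or chosen by
    # the application that supplied the payload. Calling it once per frame,
    # and never caching the result, is what makes the key "fresh".
    return secrets.token_bytes(4)


def apply_mask(data: bytes, key: bytes) -> bytes:
    """Spec transform: octet i is XORed with key[i mod 4].
    The same function unmasks, because XOR is its own inverse."""
    if len(key) != 4:
        raise ValueError("masking key must be exactly 4 octets")
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def build_client_frame(payload: bytes, opcode: int = 0x2,
                       key: Optional[bytes] = None) -> bytes:
    """Serialise one unfragmented client-to-server frame (FIN=1, MASK=1).
    `key` may be supplied only for deterministic tests; real clients leave it
    None so that every frame gets its own freshly drawn key."""
    if key is None:
        key = new_masking_key()
    header = bytes([0x80 | (opcode & 0x0F)])
    n = len(payload)
    if n < 126:
        header += bytes([0x80 | n])
    elif n < 1 << 16:
        header += bytes([0x80 | 126]) + struct.pack("!H", n)
    else:
        header += bytes([0x80 | 127]) + struct.pack("!Q", n)
    return header + key + apply_mask(payload, key)


def parse_client_frame(frame: bytes) -> Tuple[int, bytes, bytes]:
    """Server side: require the MASK bit, then undo the masking.
    Returns (opcode, masking_key, unmasked_payload)."""
    if len(frame) < 2:
        raise ValueError("truncated frame")
    opcode = frame[0] & 0x0F
    if not frame[1] & 0x80:
        # Masking is mandatory for client frames; a server that sees MASK=0
        # should fail the connection rather than guess at the payload.
        raise ValueError("client frame is not masked")
    n = frame[1] & 0x7F
    pos = 2
    if n == 126:
        (n,) = struct.unpack("!H", frame[2:4])
        pos = 4
    elif n == 127:
        (n,) = struct.unpack("!Q", frame[2:10])
        pos = 10
    key = frame[pos:pos + 4]
    body = frame[pos + 4:pos + 4 + n]
    if len(key) != 4 or len(body) != n:
        raise ValueError("truncated frame")
    return opcode, key, apply_mask(body, key)


def keys_are_fresh(frames: List[bytes]) -> bool:
    """Sanity check for a client implementation: over a small batch of frames
    no masking key should repeat. Genuine 32-bit collisions only become likely
    after tens of thousands of frames, so keep the batch small; a repeat in a
    batch of a few dozen points at a cached or constant key."""
    keys = [parse_client_frame(f)[1] for f in frames]
    return len(set(keys)) == len(keys)


if __name__ == "__main__":
    payload = b"hello, websocket"  # constructed sample payload
    frames = [build_client_frame(payload) for _ in range(64)]
    print("fresh keys across 64 frames:", keys_are_fresh(frames))
    print("server recovers:", parse_client_frame(frames[0])[2])
```

The `keys_are_fresh` check is the kind of test a client library can keep in its own suite: it catches the two readings of the MUST clause that the thread worries about, a key that is random but reused across frames, and a key that is "fresh" but drawn from a predictable source (the latter only indirectly, since a seeded PRNG will still produce distinct values; reviewing where the key bytes come from remains a code-review task).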