Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-09.txt

Patrick McManus <> Wed, 15 June 2011 00:35 UTC

From: Patrick McManus <>
To: Gabriel Montenegro <>
Date: Tue, 14 Jun 2011 20:35:26 -0400
Message-ID: <1308098126.1944.194.camel@ds9>

On Tue, 2011-06-14 at 22:43 +0000, Gabriel Montenegro wrote:

> Whatever it is, it is best if both RSV and Opcode are handled the same way (either always fail the connection or always ignore)
> Does this clarify? Do folks agree that revising to failing in both cases is fine? 

Yes, thanks. (yes both to clarification and failing both).

I've been talking with our security team and they are pretty strongly of
the point of view that violations of the RSV and Opcode MUSTs need to
result in failing the connection. That is what we did in our -07
implementation when the error handling was undefined. Silently redacting
messages from the application stream by dropping is considered tantamount
to corruption and is a security risk for the application.

There is a similar reaction to the -08+ requirement that (paraphrased)
non-UTF-8 sequences are interpreted as U+FFFD. Silently rewriting the
data is frowned on from a security pov. We are considering just failing
such a non-conformant connection (and I suppose becoming non-conformant
ourselves by doing so).
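To make the two handling policies discussed in this thread concrete, here is an added example (my own illustration, not code from the draft or from the implementation the mail refers to). It parses a frame using the WebSocket wire layout of RFC 6455 (FIN, three RSV bits, 4-bit opcode, mask bit, 7/16/64-bit length, optional masking key), which I assume matches the -09 draft for this purpose; the function names, the `ProtocolViolation` exception and the sample frames are constructed for the example. Unexpected RSV bits or a reserved opcode fail the connection rather than silently dropping the frame, and text payloads are decoded in either the strict mode (invalid UTF-8 fails the connection) or the lenient "replace with U+FFFD" mode the mail objects to, so the difference is visible side by side.

```python
import struct

# Opcodes defined by the WebSocket framing (RFC 6455 numbering, assumed here
# to match the draft under discussion). Anything else is reserved.
KNOWN_OPCODES = {0x0, 0x1, 0x2, 0x8, 0x9, 0xA}
OPCODE_TEXT = 0x1


class ProtocolViolation(Exception):
    """A MUST was violated: the caller is expected to fail the connection."""


def build_frame(opcode: int, payload: bytes, fin: bool = True,
                rsv: int = 0, mask_key: bytes = b"") -> bytes:
    """Encode one frame; used here only to construct sample input."""
    header = bytes([(0x80 if fin else 0) | ((rsv & 0x7) << 4) | (opcode & 0xF)])
    mask_bit = 0x80 if mask_key else 0
    n = len(payload)
    if n < 126:
        header += bytes([mask_bit | n])
    elif n < 65536:
        header += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:
        header += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if mask_key:
        header += mask_key
        payload = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return header + payload


def parse_frame(data: bytes, extensions_negotiated: bool = False) -> dict:
    """Parse one frame, raising ProtocolViolation on RSV/opcode violations."""
    if len(data) < 2:
        raise ProtocolViolation("truncated frame header")
    b0, b1 = data[0], data[1]
    fin = bool(b0 & 0x80)
    rsv = (b0 >> 4) & 0x7
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    offset = 2
    # RSV bits are only meaningful once an extension has negotiated them.
    if rsv and not extensions_negotiated:
        raise ProtocolViolation(f"RSV bits set (0b{rsv:03b}) without a negotiated extension")
    if opcode not in KNOWN_OPCODES:
        raise ProtocolViolation(f"reserved opcode 0x{opcode:X}")
    if length == 126:
        if len(data) < 4:
            raise ProtocolViolation("truncated extended length")
        (length,) = struct.unpack("!H", data[2:4])
        offset = 4
    elif length == 127:
        if len(data) < 10:
            raise ProtocolViolation("truncated extended length")
        (length,) = struct.unpack("!Q", data[2:10])
        offset = 10
    mask_key = b""
    if masked:
        mask_key = data[offset:offset + 4]
        if len(mask_key) != 4:
            raise ProtocolViolation("truncated masking key")
        offset += 4
    payload = data[offset:offset + length]
    if len(payload) != length:
        raise ProtocolViolation("truncated payload")
    if masked:
        payload = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return {"fin": fin, "rsv": rsv, "opcode": opcode, "payload": payload}


def decode_text_payload(payload: bytes, strict: bool = True) -> str:
    """strict: invalid UTF-8 is a protocol violation (connection is failed).
    lenient: the U+FFFD substitution behaviour the mail describes for -08+."""
    if strict:
        try:
            return payload.decode("utf-8")  # rejects overlongs and surrogates
        except UnicodeDecodeError as exc:
            raise ProtocolViolation(f"invalid UTF-8 in text frame: {exc.reason}") from exc
    return payload.decode("utf-8", errors="replace")


def handle_frame(data: bytes, strict_utf8: bool = True):
    """Return ('text', str) or ('frame', bytes) on success, ('fail', reason) otherwise."""
    try:
        frame = parse_frame(data)
        if frame["opcode"] == OPCODE_TEXT:
            return ("text", decode_text_payload(frame["payload"], strict=strict_utf8))
        return ("frame", frame["payload"])
    except ProtocolViolation as exc:
        return ("fail", str(exc))


if __name__ == "__main__":
    # Constructed sample frames: a masked client "Hello", an RSV1 frame,
    # a reserved opcode, and a text frame carrying the invalid sequence C3 28.
    print(handle_frame(build_frame(OPCODE_TEXT, b"Hello", mask_key=b"\x37\xfa\x21\x3d")))
    print(handle_frame(build_frame(OPCODE_TEXT, b"Hello", rsv=0b100)))
    print(handle_frame(build_frame(0x3, b"")))
    print(handle_frame(build_frame(OPCODE_TEXT, b"\xc3\x28")))
    print(handle_frame(build_frame(OPCODE_TEXT, b"\xc3\x28"), strict_utf8=False))
```

The lenient path returns a string the peer never sent (the `(` now preceded by U+FFFD), which is the "silent rewriting" the mail is uneasy about; the strict path surfaces the violation so the connection can be failed and the application never sees altered data.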