Re: [hybi] Extensibility mechanisms?
Adam Barth <ietf@adambarth.com> Thu, 22 July 2010 04:40 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D826E3A6804 for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 21:40:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.407
X-Spam-Level:
X-Spam-Status: No, score=-1.407 tagged_above=-999 required=5 tests=[AWL=-0.030, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AgF93-eIOhpN for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 21:40:13 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 425BD3A6838 for <hybi@ietf.org>; Wed, 21 Jul 2010 21:40:11 -0700 (PDT)
Received: by iwn38 with SMTP id 38so8235135iwn.31 for <hybi@ietf.org>; Wed, 21 Jul 2010 21:40:27 -0700 (PDT)
Received: by 10.231.174.206 with SMTP id u14mr1305825ibz.103.1279773621907; Wed, 21 Jul 2010 21:40:21 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id r3sm29466100ibk.13.2010.07.21.21.40.20 (version=SSLv3 cipher=RC4-MD5); Wed, 21 Jul 2010 21:40:21 -0700 (PDT)
Received: by iwn38 with SMTP id 38so8234983iwn.31 for <hybi@ietf.org>; Wed, 21 Jul 2010 21:40:20 -0700 (PDT)
Received: by 10.231.167.196 with SMTP id r4mr1349588iby.29.1279773620277; Wed, 21 Jul 2010 21:40:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.143.145 with HTTP; Wed, 21 Jul 2010 21:40:00 -0700 (PDT)
In-Reply-To: <4C47C5B0.3030006@caucho.com>
References: <h2w5c902b9e1004152345j992b815bz5f8d38f06a19181a@mail.gmail.com> <4BCAB2C1.2000404@webtide.com> <B9DC25B0-CD21-44E7-BD9B-06D0C9440933@apple.com> <4BCB7829.9010204@caucho.com> <Pine.LNX.4.64.1004182349240.751@ps20323.dreamhostps.com> <4BCC0A07.9030003@gmx.de> <Pine.LNX.4.64.1004190753510.23507@ps20323.dreamhostps.com> <4BCC111C.90707@gmx.de> <Pine.LNX.4.64.1004190837570.23507@ps20323.dreamhostps.com> <4BCC204D.30004@gmx.de> <z2gad99d8ce1004190822ne4dd36b6v54d63efcc448e840@mail.gmail.com> <Pine.LNX.4.64.1007202204270.7242@ps20323.dreamhostps.com> <AANLkTikkfdlUxQ0MGNvVQKa5gfovkGHWdCgyN9juKSQJ@mail.gmail.com> <4C462F9E.9030207@caucho.com> <Pine.LNX.4.64.1007212153110.7242@ps20323.dreamhostps.com> <AANLkTiku76oSucTNDFdwgsFBNFa_cCpC-YktTnMfX47-@mail.gmail.com> <4C479130.4020500@caucho.com> <AANLkTikLDjBP-Xs5t6TxmJuq4nG8jwThQ=n34B4cEmup@mail.gmail.com> <4C479CE4.6070805@caucho.com> <AANLkTims1er0Rbv0ysP4gRs1Kd0He8hapHeJ3nON=JQa@mail.gmail.com> <4C47C5B0.3030006@caucho.com>
From: Adam Barth <ietf@adambarth.com>
Date: Wed, 21 Jul 2010 21:40:00 -0700
Message-ID: <AANLkTi=ND-FOH8OoD=TCbiyeSZ-h0LhxQBXN5w-2hfvj@mail.gmail.com>
To: Scott Ferguson <ferg@caucho.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Extensibility mechanisms?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2010 04:40:16 -0000
The more I read on this list, the more I think that folks here don't understand the requirements on the protocol, especially the security requirements. That's understandable if you haven't worked extensively with the browser security model. Fortunately, Ian is an expert on these topics and has more time to reply to this list than I do. I'll try to address some of the confusion in this email, but I might not be able to answer all the followup questions. On Wed, Jul 21, 2010 at 9:14 PM, Scott Ferguson <ferg@caucho.com> wrote: > Adam Barth wrote: >> I don't think you understand how cross-protocol attacks work, and I'm >> not that interested in educating you about them. HTTP POST requests >> are also very poorly designed in this way and have been the cause of a >> number of cross-protocol attacks, most recently against IRC. > > Well, we have two conflicting desires that need to be resolved: > > 1) To make WebSockets initial latency no worse than HTTP. (If I understand > correctly, this is the issue raised by Jamie and also Greg.) > > 2) cross-site scripting There is surprisingly little interaction between cross-site script and the security requirements on WebSockets. However, there is a large interaction between the security requirements on WebSockets, the browser's same-origin policy, and cross-protocol vulnerability. Please note that cross-protocol vulnerabilities have nothing to do with cross-site scripting. > I see only 3 possible resolutions: > > a) That 1 & 2 are irreconcilable and WebSocket performance must be worse > than HTTP/comet because its security must be better than HTTP. I don't understand what this means. How could latency requirements for a network protocol be irreconcilable with cross-site scripting? The two operate at completely different layers of abstraction. > b) WebSocket performance must be as good as HTTP/comet as long as its > security is no worse than HTTP. What does it mean for security to be no worse than HTTP? When thinking about security, it's important to consider what security goals you're trying to achieve in the presence of what sort of adversary. It's far from a one dimensional quantity that can be "better" or "worse" than another. Your statement is basically nonsensical. > c) Both 1 & 2 are resolvable and the solution is XXX. It's clear to me that we can achieve both performance and security. We've seen several proposals that achieve that. Of course, those aren't the only requirements we're aiming to meet... > If (a) or (b) are selected, it should be a conscious decision, not chosen by > default. I assume you're in camp (a)? What's the difference between choosing something by default versus a conscience choice? From my statements above, I think you'd put me in camp (c). > If you believe (c), than it seems to me you either need to propose an XXX or > suggest fixes to a flawed XXX proposal to make it work. I've already did so back in May: http://www.ietf.org/mail-archive/web/hybi/current/msg01948.html This is different from the protocol in the current working draft because it requires TLS. I think TLS+NPN is a much better design than the current HTTP-ish design, for the reasons outlined in that email. The main (only?) disadvantage is that it requires amateur server implementations to use a TLS library. > The current official draft proposes (a), but it seemed to me that the group > is divided on the issue, and I made an attempt at an XXX. Perhaps I > misunderstood, everyone's in camp (a). It's fine to propose designs as food for thought, but claiming that you've addressed all the requirements when you haven't even met the basic security requirements is a bit brash. > (I suppose there might be a (d): browser clients are restricted to (a) but > non-browser clients can use (b). But that would probably be too messy for a > spec.) I don't care what non-browser clients do. I'm here to help design a protocol for use by browsers. Adam
- [hybi] Extensibility mechanisms? Justin Erenkrantz
- Re: [hybi] Extensibility mechanisms? Thomson, Martin
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Justin Erenkrantz
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Justin Erenkrantz
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Thomson, Martin
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Martin J. Dürst
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- [hybi] HTTP is not a disaster. Was: Extensibility… Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] HTTP is not a disaster. Was: Extensibi… Pieter Hintjens
- Re: [hybi] Extensibility mechanisms? Pieter Hintjens
- Re: [hybi] Extensibility mechanisms? Bjoern Hoehrmann
- [hybi] NAT reset recovery? Was: Extensibility mec… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- [hybi] WebSocket, TLS and intermediaries Vladimir Katardjiev
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Greg Wilkins
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Thomson, Martin
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Thomson, Martin
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- Re: [hybi] NAT reset recovery? Was: Extensibility… Dave Cridland
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Dave Cridland
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] WebSocket, TLS and intermediaries Ian Hickson
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? John Tamplin
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Jack Moffitt
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] WebSocket, TLS and intermediaries Mike Belshe
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] WebSocket, TLS and intermediaries John Tamplin
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] WebSocket, TLS and intermediaries Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Thomson, Martin
- Re: [hybi] WebSocket, TLS and intermediaries Thomson, Martin
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] WebSocket, TLS and intermediaries Julian Reschke
- Re: [hybi] Extensibility mechanisms? Simone Bordet
- Re: [hybi] Extensibility mechanisms? Simone Bordet
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] WebSocket, TLS and intermediaries Ian Hickson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Mike Belshe
- Re: [hybi] WebSocket, TLS and intermediaries Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- [hybi] Upgrade Mechanism and HasMat (was Re: Exte… Salvatore Loreto
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Salvatore Loreto
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? John Tamplin
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? John Tamplin
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … John Tamplin
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
- Re: [hybi] Extensibility mechanisms? Simon Pieters
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Greg Wilkins
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] WebSocket, TLS and intermediaries Patrick McManus