Re: [hybi] I-D ACTION:draft-ietf-hybi-thewebsocketprotocol-08.txt

Ian Fette (イアンフェッティ) <ifette@google.com> Wed, 08 June 2011 23:24 UTC

Return-Path: <ifette@google.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 082961F0C3C for <hybi@ietfa.amsl.com>; Wed, 8 Jun 2011 16:24:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.676
X-Spam-Level:
X-Spam-Status: No, score=-105.676 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2jKeJsv0xTf for <hybi@ietfa.amsl.com>; Wed, 8 Jun 2011 16:24:01 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfa.amsl.com (Postfix) with ESMTP id 3840A1F0C3B for <hybi@ietf.org>; Wed, 8 Jun 2011 16:24:00 -0700 (PDT)
Received: from hpaq2.eem.corp.google.com (hpaq2.eem.corp.google.com [172.25.149.2]) by smtp-out.google.com with ESMTP id p58NNxl6021529 for <hybi@ietf.org>; Wed, 8 Jun 2011 16:23:59 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1307575439; bh=fIauQ76JUXCWQM92aRgactd8bpk=; h=MIME-Version:Reply-To:In-Reply-To:References:Date:Message-ID: Subject:From:To:Cc:Content-Type; b=StWP1QDtbyRNfbJv9l91ai1tH0d0Q80O4asTa1CA8reZwUbyELMp3rXTrDIQ5KELY D5dnaDKry2Om84NjmHRpg==
Received: from qwe5 (qwe5.prod.google.com [10.241.194.5]) by hpaq2.eem.corp.google.com with ESMTP id p58NNDfS018411 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <hybi@ietf.org>; Wed, 8 Jun 2011 16:23:57 -0700
Received: by qwe5 with SMTP id 5so570239qwe.37 for <hybi@ietf.org>; Wed, 08 Jun 2011 16:23:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:reply-to:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=YzGW1OL+nf8W+zYEueR41M+UyX0r2r1reNyTrr7QkSQ=; b=qD+M7perTdFJfcAkLsde7ltIU5latdueT5lQQAuaXd4aDlzsNbVa3gqtxEke8+/842 /zaqfP37kR2SUCnLx9vw==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; b=LPvJxLciQuY00GWo1kxJV+j3vyZKEy9SNEEgcZ0dkB9FCiC3Etk2BcbmzQcL5BUlez HhyVJ89PhxA4nHp16S5g==
MIME-Version: 1.0
Received: by 10.229.6.196 with SMTP id a4mr25317qca.143.1307575437331; Wed, 08 Jun 2011 16:23:57 -0700 (PDT)
Received: by 10.229.78.206 with HTTP; Wed, 8 Jun 2011 16:23:57 -0700 (PDT)
In-Reply-To: <BANLkTi=AsE_jHV_tMTEZEcaLnQZCBMp_jA@mail.gmail.com>
References: <20110608173012.14596.50398.idtracker@ietfa.amsl.com> <BANLkTi=AsE_jHV_tMTEZEcaLnQZCBMp_jA@mail.gmail.com>
Date: Wed, 8 Jun 2011 16:23:57 -0700
Message-ID: <BANLkTimJSAF8NVEP87AG0u8Shzvk+p12RA@mail.gmail.com>
From: =?UTF-8?B?SWFuIEZldHRlICjjgqTjgqLjg7Pjg5Xjgqfjg4Pjg4bjgqMp?= <ifette@google.com>
To: Greg Wilkins <gregw@intalio.com>
Content-Type: multipart/alternative; boundary=0015175cb120758ce204a53ba190
X-System-Of-Record: true
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] I-D ACTION:draft-ietf-hybi-thewebsocketprotocol-08.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ifette@google.com
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2011 23:24:03 -0000

On Wed, Jun 8, 2011 at 4:03 PM, Greg Wilkins <gregw@intalio.com> wrote:

> Wow - that was a more extensive rewrite than I was expecting - but
> most of the text looks to be good improvements - good work!
>
>
> However 4.2 says
>
>     The payload data is defined as extension data concatenated wit
> application data.
>
> and this is reflected elsewhere in the document.   Concatenation is
> not the correct paradigm as this prohibits a compression or encrypting
> extension which changes the entire payload.
>

Not really. We used to say the "body" of the frame was extension data
followed by application data, indeed the payload len has always meant
len(ext)+len(app). This re-write takes a lot of the sections that used to
talk about this and now just talks about "payload" where payload data is
extension data followed by application data, just as before. It doesn't
prevent a compressing or encrypting extension -- the extension is free to
modify the application data. [perhaps that point needs to be called out more
explicitly somewhere]. For instance, a compressing extension could have a
small amount of "extension data" such as an instruction to reset state and
contain "application data" (the compressed data).


> I think we should simply say that the payload data is the application
> data as processed by all the negotiated extensions.
>
>
I think I would prefer to to keep some distinction of what data is purely
for the extensions and what data is the actual data being passed by the
protocol, at least conceptually. We can make it clearer that the extensions
modify payload data, and at some points the distinction may not be crystal
clear, but I think the distinction is still useful (for instance, by saying
that a pong must have identical application data, we don't have to say that
the payload is identical.)


>
> Section 4.4, bullet point 3 is formatted as a bullet point, when it is
> really a sub clause of the previous bullet point.  Also the Note about
> control frames is formatted as another bullet point.
>


yes, sorry


>
> I also think this section needs another point like:
>
>  * The fragments of one message may not be interleaved between the
> fragments of another message unless an extension has been negotiated
> that can interpret the interleaving.
>

anyone else have thoughts here? it seems reasonable to me but I'd like to
hear other opinions.


>
>
> 4.8 says:
>
>   o  Extension data may be placed in the payload data before the
>      application data.
>
> As above, this prevents compression/encrypting extensions.  Extensions
> must be allowed to arbitrarily mutate the application data.
>

see prior explanation earlier in this response


>
>
> 9.2.1 Compression
>
> I still maintain that this extension should not be supported - it
> breaks all the rules the spec defines for extensions - specifically it
> mutates the framing.   There is an alternative compression proposal
> available for in frame compression that would comply with the rules of
> extensions (assuming we remove the concatenation restriction above).
>
>
How do others feel about keeping it / yanking it?


>
> In section 10, the draft says:
>
>   The biggest security risk when sending text data using this protocol
>   is sending data using the wrong encoding.  If an attacker can trick
>   the server into sending data encoded as ISO-8859-1 verbatim (for
>   instance), rather than encoded as UTF-8, then the attacker could
>   inject arbitrary frames into the data stream.
>
> I don't think this is true - not since we dropped sentinel encoded frames.
> Length encoded frames are safe to send arbitrary data and there is no
> possibility of any payload being interpreted as a frame in the
> datastream.
>

I agree the text needs to be changed, but perhaps rather than killing it
entirely, it can be rewritten as a more general statement of please be
careful with encodings, as when you tell a recipient something is utf-8,
they may make assumptions that will prove problematic if you send them
something like iso-8859-1 instead, or at the least may cause
misinterpretation or loss of data.


> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>