[hybi] -09: security considerations

[Peter Saint-Andre <stpeter@stpeter.im>]

First, I am not a member of the security mafia.

However, the security considerations section seems incomplete to me. I
suggest that the author and WG spend some quality time with RFC 3552
(and with other RFCs that have good discussions of security) to make
this section more robust and complete.

Questions to ask and answer include (but are not limited to):

1. What is the threat model against the architecture assumed in this
document? (And to answer that question, it would help to more clearly
explain the architecture.)

2. How will the protocol address confidentiality?

3. How will the protocol address data integrity?

4. How will the protocol address peer entity authentication?

5. How does the protocol ensure strong security (RFC 3365)?

6. If certificates are to be used, how are they handled (RFC 6125 and
RFC 2818)?

7. What are the mandatory-to-implement TLS ciphersuites?

8. What are the security considerations related to technologies that are
reused in WebSocket (e.g., Base 64 and UTF-8)?

9. What information leaks are possible?

10. What denial of service attacks (RFC 4732) are possible and what
measures can be taken to prevent those attacks?

11. What is the relationship, if any, between the security of the
WebSocket protocol and the security of HTTP? In what ways does this
protocol build on HTTP from a security perspective, and in what ways
does it need additional security mechanisms?

I'm sure the reviewer from the IETF Security Directorate will come up
with more questions than that, so we need to be prepared.

A personal note: in revising RFC 3920 to produce RFC 6120, I put a great
deal of thought and time into writing the security considerations
section, which ended up being 20 pages long. That might be longer than
necessary here, but I think 2 pages is a bit shy of what we need.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/