Re: [hybi] Handshake was: The WebSocket protocol issues.
James Graham <jgraham@opera.com> Fri, 24 September 2010 09:57 UTC
Return-Path: <jgraham@opera.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C1AB03A6AF9 for <hybi@core3.amsl.com>; Fri, 24 Sep 2010 02:57:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.474
X-Spam-Level:
X-Spam-Status: No, score=-6.474 tagged_above=-999 required=5 tests=[AWL=0.125, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DN8Y-lvCDKpc for <hybi@core3.amsl.com>; Fri, 24 Sep 2010 02:57:47 -0700 (PDT)
Received: from smtp.opera.com (smtp.opera.com [213.236.208.81]) by core3.amsl.com (Postfix) with ESMTP id 074783A69E6 for <hybi@ietf.org>; Fri, 24 Sep 2010 02:57:46 -0700 (PDT)
Received: from [10.30.0.35] (sgw-oslo2.opera.com [213.236.208.46]) (authenticated bits=0) by smtp.opera.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o8O9wD6L019556 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <hybi@ietf.org>; Fri, 24 Sep 2010 09:58:17 GMT
Message-ID: <4C9C7634.4000605@opera.com>
Date: Fri, 24 Sep 2010 11:58:12 +0200
From: James Graham <jgraham@opera.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9pre) Gecko/20100217 Shredder/3.0.3pre
MIME-Version: 1.0
To: hybi@ietf.org
References: <AANLkTikszM0pVE-0dpZ2kv=i=y5yzS2ekeyZxtz9N=fQ@mail.gmail.com> <62B5CCE3-79AF-4F60-B3A0-5937C9D291D7@apple.com> <AANLkTikKc+4q_Q1+9uDo=ZpFF6S49i6vj2agZOGWVqKm@mail.gmail.com>
In-Reply-To: <AANLkTikKc+4q_Q1+9uDo=ZpFF6S49i6vj2agZOGWVqKm@mail.gmail.com>
Content-Type: text/plain; charset="KOI8-R"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 09:57:48 -0000
On 09/24/2010 11:52 AM, Alexander Voronin wrote: > What kind of cross-protocol attacks You are talking about all this time? > Using simplest handshake with framed data transfer and relied on browser > security policies it seems to be impossible. Do You have any real > examples on this? You might be interested in [1] [1] http://www.remote.org/jochen/sec/hfpa/
- [hybi] Handshake was: The WebSocket protocol issu… Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Gabriel Montenegro
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Simone Bordet
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Simone Bordet
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … James Graham
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … John Tamplin
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Ian Hickson
- Re: [hybi] Handshake was: The WebSocket protocol … Mike Belshe
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Alexander Voronin
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Ian Hickson
- Re: [hybi] Handshake was: The WebSocket protocol … Patrick McManus
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Simon Pieters
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Simone Bordet
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Roderick Baier
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Simone Bordet
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Patrick McManus
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … James Graham
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Greg Wilkins
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … James Graham
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Bjoern Hoehrmann
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Ian Fette (イアンフェッティ)
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Ian Hickson
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Ian Fette (イアンフェッティ)
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Patrick McManus
- Re: [hybi] Handshake was: The WebSocket protocol … Ian Fette (イアンフェッティ)
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Scott Ferguson
- Re: [hybi] Handshake was: The WebSocket protocol … Adam Barth
- Re: [hybi] Handshake was: The WebSocket protocol … Eric Rescorla
- Re: [hybi] Handshake was: The WebSocket protocol … Maciej Stachowiak
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Patrick McManus
- Re: [hybi] Handshake was: The WebSocket protocol … Patrick McManus
- Re: [hybi] Handshake was: The WebSocket protocol … Willy Tarreau
- Re: [hybi] Handshake was: The WebSocket protocol … Patrick McManus