IETF Logo Mail Archive

Re: [hybi] It's time to ship

Eric Rescorla <ekr@rtfm.com> Mon, 10 January 2011 18:18 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BFEB23A6B0E for <hybi@core3.amsl.com>; Mon, 10 Jan 2011 10:18:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.362
X-Spam-Level:
X-Spam-Status: No, score=-102.362 tagged_above=-999 required=5 tests=[AWL=0.015, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_51=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id saBJup4F1R3N for <hybi@core3.amsl.com>; Mon, 10 Jan 2011 10:18:11 -0800 (PST)
Received: from mail-yi0-f44.google.com (mail-yi0-f44.google.com [209.85.218.44]) by core3.amsl.com (Postfix) with ESMTP id 8AA4B3A6B10 for <hybi@ietf.org>; Mon, 10 Jan 2011 10:18:11 -0800 (PST)
Received: by yie19 with SMTP id 19so6321603yie.31 for <hybi@ietf.org>; Mon, 10 Jan 2011 10:20:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.91.26.24 with SMTP id d24mr6565756agj.160.1294683625438; Mon, 10 Jan 2011 10:20:25 -0800 (PST)
Received: by 10.90.154.19 with HTTP; Mon, 10 Jan 2011 10:20:25 -0800 (PST)
In-Reply-To: <AANLkTimqw7Dri=m_Fj6Jai=KK59xVt_YVEM+AXTczPYq@mail.gmail.com>
References: <AANLkTim2VGfH2FiJ4iH85wYiuXNKQ1Arh1C1Kg4M58Fs@mail.gmail.com> <20110109224228.GU5743@1wt.eu> <AANLkTikgB+Ju-k0obs9it7TOsy8B1jaCYv8zBpB9dEa_@mail.gmail.com> <20110110065408.GL5743@1wt.eu> <AANLkTimqw7Dri=m_Fj6Jai=KK59xVt_YVEM+AXTczPYq@mail.gmail.com>
Date: Mon, 10 Jan 2011 18:20:25 +0000
Message-ID: <AANLkTinY1V7VvAowmrfoBdSscK7J_BCGkdUSLEB_+wpz@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
To: ifette@google.com
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] It's time to ship
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jan 2011 18:18:12 -0000

2011/1/10 Ian Fette (イアンフェッティ) <ifette@google.com>:
> On Sun, Jan 9, 2011 at 10:54 PM, Willy Tarreau <w@1wt.eu> wrote:
>>
>> Hello Ian,
>>
>> On Sun, Jan 09, 2011 at 10:08:13PM -0800, Ian Fette
>> (????????????????????????) wrote:
>> > >  - you're using the OPTIONS method. The WG's consensus was voted as
>> > > using
>> > >    GET. While technically working, OPTIONS limits some possibilities
>> > > since
>> > >    no path is sent to the server.
>> > >
>> > >
>> > I agree it is important to be able to identify between various resources
>> > on
>> > a server. E.g. for our use, we will have multiple different websocket
>> > endpoints, and we want our frontend to be able to dispatch to the
>> > appropriate backend based on the information in the handshake. That
>> > said, I
>> > think the draft allows for that (Sec-WebSocket-URL), or as pointed out
>> > on
>> > another thread, it appears OPTIONS does allow for a path component. So,
>> > I
>> > think we should be able to resolve that point.
>>
>> Once again,I'm not opposed at all to this point. I'd even say that would
>> it
>> not have been accepted as a consensus in the last poll, I'd probably have
>> voted for it. It's just that it's a change from what was planned till now
>> and participants need to express their opinion on that point.
>>
>> > >  - your proposal involves AES-128-CTR. As was discussed here, it seems
>> > > there
>> > >    are still export regulations for certain countries eventhough
>> > > they're
>> > >    apparently fading out. It could still be a problem for companies
>> > > who
>> > > want
>> > >    to export products to some countries and which never had to put
>> > > crypto
>> > > in
>> > >    them.
>> > >
>> >
>> > It would be nice to understand if this is actually a hard constraint.
>> > AES-128-CTR has the benefit of being well understood, as well as fast,
>> > as
>> > demonstrated by Maciej in another thread. That said, I don't care
>> > strongly
>> > one way or another here.
>>
>> One of my issue with it is that despite being fast, it's a lot slower than
>> simpler masking. I design software components to be used at the border
>> side
>> of infrastructures to dispatch the traffic to multiple servers, and I'm
>> very much concerned by the performance limitations. On a machine which has
>> normally no issue processing 10 Gbps of HTTP, I could not even process 1
>> Gbps
>> of WebSocket with large contents. This is much concerning because it
>> implies
>> that in order to build the stream analysers we've talked about in the
>> past,
>> it will become mandatory to install expensive crypto acceleration cards.
>> This
>> is not logical for a protocol which is supposed to be transferred in clear
>> (ws:// as opposed to wss://). Checking for forbidden words, dangerous
>> links
>> or forbidden contents on campus sites will be much more expensive due to
>> this
>> masking algorithm alone.
>>
>> > >  - several people on the list asked for the ability to be able to
>> > > disable
>> > >    the masking in some well-controlled environments (eg:
>> > > server-to-server
>> > >    communications). I see no provisions for this.
>> > >
>> > >
>> > There's nothing that would prevent you from writing an extension that
>> > would
>> > disable the masking, from my understanding.
>>
>> Adam did not seem favorable to that.
>>
>> > >  - it has not yet been stated whether only the payload or also the
>> > > framing
>> > >    should be masked. Your proposal masks both, which means that it
>> > > definitely
>> > >    blocks any possibility of performing multiplexing later. There does
>> > > not
>> > >    appear to have been a consensus in this area yet.
>> > >
>> > >
>> > I'm not sure why this would block the possibility of multiplexing. I
>> > would
>> > agree that would be a problem if it were the case. However, a number of
>> > the
>> > early proposals for multiplexing included something like a stream-id in
>> > the
>> > frame. This could still be present. Though it would be masked, so would
>> > the
>> > length and other things that a meaningful intermediary would care about,
>> > so
>> > assuming the intermediary was capable of un-masking, is this an issue?
>>
>> Yes, and you got the point : if the ID is masked, how to you know which
>> stream it is in order to pick the right unmask key ? At least the stream
>> ID will have to be unmasked. If we prepend it before the frame, it means
>> a new framing format. Till not it was suggested to have it in the frame.
>>
>
> So, you're saying that with the XOR masking where the entire content
> required to unmask the frame was included in the frame, it would be easier
> for an intermediary to thus examine the frame? I agree that it would be
> easier, and that in the AES method it would require an intermediary to be
> "active" instead of "passive", e.g. terminate the connection at the
> intermediary. I personally think that's a good argument towards XOR, but am
> personally not heavily invested either way as I think for our uses, we would
> be terminating at the "intermediary" anyways.
>

Ian,

Im not sure Im following the reasoning here: why does the AES
mechanism (which is,
after all, just an XOR with a long, randomly computed mask) require an
active intermediary?

Thanks,
-Ekr

v2.23.0 | Report a Bug | By Email