Re: [hybi] Masking only Payload/Extension Data
Ian Fette (イアンフェッティ) <ifette@google.com> Wed, 09 March 2011 11:37 UTC
Return-Path: <ifette@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 634EB3A6951 for <hybi@core3.amsl.com>; Wed, 9 Mar 2011 03:37:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.551
X-Spam-Level:
X-Spam-Status: No, score=-105.551 tagged_above=-999 required=5 tests=[AWL=0.125, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7tQW7EpU4ihd for <hybi@core3.amsl.com>; Wed, 9 Mar 2011 03:37:53 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by core3.amsl.com (Postfix) with ESMTP id 9E9E53A684A for <hybi@ietf.org>; Wed, 9 Mar 2011 03:37:52 -0800 (PST)
Received: from wpaz5.hot.corp.google.com (wpaz5.hot.corp.google.com [172.24.198.69]) by smtp-out.google.com with ESMTP id p29Bd4jJ012066 for <hybi@ietf.org>; Wed, 9 Mar 2011 03:39:07 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1299670748; bh=GK9mITrsVgm4YyvSUnJ1Ld503Cw=; h=MIME-Version:Reply-To:In-Reply-To:References:Date:Message-ID: Subject:From:To:Cc:Content-Type; b=JVAj7eD+wmlXBNF3hYPzy9oNqdFD3ozI4dfiupKOKVnEGZpqu+l4vMhrbyR8Zay2W r6mH2DFLxvP/mPpL643nQ==
Received: from iyf40 (iyf40.prod.google.com [10.241.50.104]) by wpaz5.hot.corp.google.com with ESMTP id p29BY0bQ022719 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for <hybi@ietf.org>; Wed, 9 Mar 2011 03:34:00 -0800
Received: by iyf40 with SMTP id 40so846446iyf.22 for <hybi@ietf.org>; Wed, 09 Mar 2011 03:34:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:reply-to:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=0uQlhJLYT20nR4+4WAoK3OuN7+wqMNN9FfHvwJikDIs=; b=DvGGhCouOqEP4WiajGt7dxTMTJm4p7QBjk3ndTc4liJ4ZXAz9oqJaFIexJH0KMYoII +Ogl6Hl+kpSL6obZWPFA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; b=Q/4wCd/mE+mLjMNPwDvVUkeVNfA+QNZbDqLLvdyCsORC4pO5cq9zkBtKXWf3Mo+9N0 8VHlPe7JysjpKEnHaRsA==
MIME-Version: 1.0
Received: by 10.43.56.211 with SMTP id wd19mr5973736icb.91.1299670439988; Wed, 09 Mar 2011 03:33:59 -0800 (PST)
Received: by 10.231.34.131 with HTTP; Wed, 9 Mar 2011 03:33:59 -0800 (PST)
In-Reply-To: <AANLkTi=uV_axB7bU2juczGp_gW1_ZPRXpVC1+01jrBO2@mail.gmail.com>
References: <AANLkTim7js6hPBMoEgmzr3gH-NuRYkEZ-pAePkgo=Q=L@mail.gmail.com> <AANLkTimcTUYRMBA7XfYpbUNX26eup+oq2C3cL-q8+gf-@mail.gmail.com> <AANLkTi=uV_axB7bU2juczGp_gW1_ZPRXpVC1+01jrBO2@mail.gmail.com>
Date: Wed, 09 Mar 2011 03:33:59 -0800
Message-ID: <AANLkTimXDOcf_X5DT57UjVc0iC4fh_qQssdHvUOc23D8@mail.gmail.com>
From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
To: Greg Wilkins <gregw@webtide.com>
Content-Type: multipart/alternative; boundary="bcaec51b1cfbe68f79049e0b1a1e"
X-System-Of-Record: true
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Masking only Payload/Extension Data
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: ifette@google.com
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2011 11:37:54 -0000
Ok, I really don't care so I will just go along here. That said, it doesn't seem like the above will let you figure out if you're looking at a masked frame or an unmasked frame. Does that matter? -Ian 2011/3/9 Greg Wilkins <gregw@webtide.com> > I'm +1 on the proposal. > > 2011/3/9 Ian Fette (イアンフェッティ) <ifette@google.com>: > > Can someone please explain to me why this matters? > > > modified from the earlier thread on this: > > Masked Frames PROS: > + all bytes other than the key are masked. This prevents an attacker > from using frame fields like the length to send "clear text" > > Masked Frame CONS: > - Masking is not independent of framing - poor layered protocol design. > ie this is the same reason that gzip in HTTP does not change the framing > of HTTP messages. > - all WS handling that needs to be aware of frame boundaries will > need to implement masking. This will mean that more infrastructure > will have masking hard coded into it, thus it will soon become very > difficult, if not impossible to change framing as it will be baked > into WS aware intermediaries. > - Intermediaries that do not care about content will still need to > unmask and remask the frames. > - the parser/generator code for WS becomes more complex and > asymmetric because it must implement masking for some WS streams but > not for others. > - unmasking cannot be done as single optimised pass over the data, > but must be done on-the-fly in the parsing code. > - the options for masking algorithms is limited. For example session > based keys could not be used in a MUX environment as the session key > would need to be known to access the extension data to know the stream > ID, so the session ID could be known so you can't know the session > key. While session based masking may not be desirable for other > reasons, this limitation indicates a fundamental limitation of the > masked frame approach. > > > > Mask in Frame PROS: > + Masking is independent of framing. Good layered protocol design. > + Intermediaries that do not process the payload will not need to > implement masking. This saves CPU, memory and also will make it easier > to change and/or remove masking in future. > + WS parsing code is simple and symmetric. > + session based masking algorithms can be used if desired > + Can utilise the extension data space to carry the key - thus > testing the implementation of the parsing of extension data length and > preventing implementations assuming this will be zero. > > Mask in Frame CONS: > - The frame op-code, flags and length are sent in the clear. Of > these, an attacker has reasonable control over the length field, so > could conceivably send 8 characters including "GET\n" as the length > (although this would be very difficult to do via the current > javascript API. There are also simple heuristic defences for this, > such as fragmenting any frame that has a length that is all ascii and > has a CR) > > > In summary, mask in frame is far more flexible, low cost and > demonstrable better design, at cost of exposing a very very unlikely > subcase of an already very very unlikely vulnerability to an as of yet > undiscovered threat, of which an exploitable variation is already in > the wild using non ws clients. >
- [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data Pat McManus @Mozilla
- Re: [hybi] Masking only Payload/Extension Data Willy Tarreau
- Re: [hybi] Masking only Payload/Extension Data Joel Martin
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Willy Tarreau
- Re: [hybi] Masking only Payload/Extension Data Joel Martin
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Pat McManus @Mozilla
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Patrick McManus
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data Julian Reschke
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Salvatore Loreto