Re: [hybi] A WebSocket handshake

Greg Wilkins <gregw@webtide.com> Thu, 07 October 2010 02:41 UTC

On 7 October 2010 01:21, Adam Barth <ietf@adambarth.com> wrote:
> We'll put the WebSocket URL in the additional information that comes
> with the initial message.  We can either break that up into a request
> line and a Host header, or we can just include the whole URL as such.

I think you make the server more vulnerable to DoS attacks by delaying
consideration of the URL and subprotocol.

Frequently servers will run many applications on many virtual hosts,
real hosts and context paths.  Only a subset of these may support
websockets.  This proposal would mean that the server would need to
accept the connection and thus cause the client onOpen event to fire first,
before it had validated the connection was to an application that can
handle websocket.  While I don't see any new vulnerability flowing
directly from this, I believe that it is not a desirable state of
affairs from either a security or resource allocation point of view.

> The point of putting in the additional information is so that it can
> be encrypted, preventing the attacker from choosing any of the bytes
> on the wire.

If we really are going to have a content-free handshake that exchanges
keys so that the rest of the connection can be encrypted - then we
should just use TLS.

I see little value and significant risks in inventing some TLS-lite handshake.

I think that we should improve the upgrade proposal to the best we
can, and consider a concrete TLS proposal, and then we can consider if
we support one or the other or both.

regards
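
The check argued for above, where the server decides on host, path and subprotocol from the upgrade request before it accepts anything, as an added example that is not part of the original message or of any server discussed on the list. The routing table, host names and function names are constructed, and the Sec-WebSocket-Protocol header name is assumed from the handshake drafts of the time.

```python
# Constructed routing table: (virtual host, context path) -> subprotocols offered.
WS_ENDPOINTS = {
    ("chat.example.com", "/ws"): {"chat.v1"},
    ("app.example.com", "/events"): {"events"},
}


def parse_upgrade_request(raw: bytes):
    """Split a raw HTTP request head into (method, path, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers


def decide_handshake(raw: bytes):
    """Return (status, subprotocol) before any WebSocket state is allocated.

    Only a 101 result lets the client's open event fire; every other
    outcome is an ordinary HTTP error on a connection that never upgraded.
    """
    try:
        method, path, headers = parse_upgrade_request(raw)
    except ValueError:
        return 400, None
    if method != "GET" or headers.get("upgrade", "").lower() != "websocket":
        return 400, None
    host = headers.get("host", "").split(":", 1)[0].lower()
    offered = WS_ENDPOINTS.get((host, path))
    if offered is None:
        return 404, None  # this virtual host / path has no WebSocket application
    requested = [p.strip() for p in
                 headers.get("sec-websocket-protocol", "").split(",") if p.strip()]
    for proto in requested:
        if proto in offered:
            return 101, proto
    # Client named only subprotocols this endpoint does not speak.
    return (400, None) if requested else (101, None)
```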