Re: [hybi] Moving to a CONNECT-based handshake

Maciej Stachowiak <mjs@apple.com> Tue, 30 November 2010 18:23 UTC


On Nov 30, 2010, at 7:56 AM, Simon Pieters wrote:

> Hi,
> 
> At Opera we do not plan to implement the new framing until the spec uses a CONNECT-based handshake. We support Adam and Eric's handshake proposal.

Speaking personally, I am also in favor of Adam and Eric's proposal for a CONNECT-based handshake, as well as the associated payload masking. I expect many of my Apple colleagues would agree.

We would be hesitant to ship protocol updates that do not fix the handshake. Given the security issues identified by the paper from Adam and company, we would even consider disabling WebSocket entirely in future releases until there is a more robust handshake.

(However, I make no specific promises about future Safari releases.)

Regards,
Maciej