Re: [hybi] Insight you need to know: Browsers are at fault when servers crash

Willy Tarreau <w@1wt.eu> Mon, 26 July 2010 09:18 UTC

Date: Mon, 26 Jul 2010 11:18:18 +0200
From: Willy Tarreau <w@1wt.eu>
To: Roderick Baier <roderick.baier@hs-weingarten.de>
Message-ID: <20100726091818.GA8029@1wt.eu>
References: <AANLkTi=vPAnnK0=gE=YN10vt9b-f6sWXXcwK+La5SriO@mail.gmail.com> <623C6D70-B4AF-49EC-BA07-6F90BD0FFFBF@apple.com> <AANLkTi=Q-PVrdaWuOu3H=wUiphe6JB4C+LauSOXKozoY@mail.gmail.com> <AANLkTi=Z-Zw3gJAdwQMAqG5UUVnV_kgsGm3M_qQ2Bwt7@mail.gmail.com> <8B47440C-7CFD-442F-94E3-96A8EBE7D25D@apple.com> <AANLkTimRo_ubic96z3VgwexiOw0KJg10HQedmcuBs6jp@mail.gmail.com> <FA3856A4-FF29-430E-8BE4-3049F1E33A03@apple.com> <AANLkTim14YJgikfeU9k84xMqtcFt0cdqJQZcsNmvt-Eo@mail.gmail.com> <20100726075549.GB7263@1wt.eu> <4C4D515A.3070102@hs-weingarten.de>
In-Reply-To: <4C4D515A.3070102@hs-weingarten.de>
Cc: hybi@ietf.org
Subject: Re: [hybi] Insight you need to know: Browsers are at fault when servers crash

On Mon, Jul 26, 2010 at 11:11:54AM +0200, Roderick Baier wrote:
> Willy Tarreau schrieb:
> >This principle sounds good, and in my opinion would be compatible with
> >Greg's proposal of putting the nonce in a request header. Basically the
> >client chooses a random key, advertises it as a nonce and can start
> >sending data encrypted with that key. It must then check once the server
> >responds that the hash of the key that confirms its will to use it
> >for all data past the headers.
> >
> >Willy
> >
> 
> So you want to encrypt the data with a key which was transmitted without 
> encryption? Did I get you right?

Yes, the principle of this "encryption" here is not to provide any
confidentiality but only to scramble the data in a way not controllable
by the client, so that it cannot send arbitrary bytes after the handshake.

And you make me think that we'd better talk about scrambling than
encryption to avoid any misunderstanding resulting in a misuse.

Willy
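The handshake principle discussed above (browser picks a random key, advertises it in a request header, scrambles everything after the headers with it, and only proceeds once the server echoes a hash of that key), as an added illustration that is not part of this message or of any hybi draft. Header names, the SHA-256-based keystream and the confirmation hash are assumptions chosen for the example, not a proposed wire format; the point it shows is that the page script never sees the key, so the bytes on the wire are not under the script's control, and a server that does not implement the scheme never confirms, so the browser sends nothing past the headers:

```python
import hashlib
import os

# Hypothetical header names for the example (not from any draft).
NONCE_HEADER = "Sec-Scramble-Nonce"
CONFIRM_HEADER = "Sec-Scramble-Accept"


def keystream(key: bytes, length: int) -> bytes:
    """Derive a keystream by hashing key || counter (assumption: SHA-256)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def scramble(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; applying it twice restores the data."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def confirm_hash(key: bytes) -> str:
    """Value the server returns to prove it saw the nonce and will unscramble with it."""
    return hashlib.sha256(b"confirm:" + key).hexdigest()


def client_handshake_request(key: bytes) -> dict:
    """Browser advertises the key it chose as a nonce in a request header."""
    return {NONCE_HEADER: key.hex()}


def server_handshake_response(request_headers: dict) -> dict:
    """A server that implements the scheme answers with the hash of the nonce."""
    nonce = request_headers.get(NONCE_HEADER)
    if nonce is None:
        return {}
    return {CONFIRM_HEADER: confirm_hash(bytes.fromhex(nonce))}


def client_check_response(key: bytes, response_headers: dict) -> bool:
    """Browser only sends post-handshake data if the server confirmed the key."""
    return response_headers.get(CONFIRM_HEADER) == confirm_hash(key)


def run_session(script_payload: bytes, server_speaks_scheme: bool = True,
                key: bytes = None):
    """Simulate one connection: returns (wire_bytes, bytes_seen_by_server) or None.

    The key is chosen by the browser (os.urandom), never by the page script;
    a fixed key may be passed in only to make the example reproducible.
    """
    if key is None:
        key = os.urandom(16)
    req = client_handshake_request(key)
    resp = server_handshake_response(req) if server_speaks_scheme else {}
    if not client_check_response(key, resp):
        return None  # no confirmation: browser refuses to send anything further
    wire = scramble(key, script_payload)      # what actually leaves the browser
    received = scramble(key, wire)            # server unscrambles with the same key
    return wire, received


if __name__ == "__main__":
    # Constructed sample payload: what a page script asks the browser to send.
    payload = b"GET / HTTP/1.0\r\n\r\n"
    print("scheme-aware server :", run_session(payload))
    print("unaware server      :", run_session(payload, server_speaks_scheme=False))
```

With a scheme-aware server the wire bytes differ from the script's payload while the server still recovers it; with a server that ignores the nonce header, nothing past the handshake is sent at all, which is the cross-protocol protection the thread is after.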