Re: [hybi] IESG note?, was: Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard

Peter Saint-Andre <stpeter@stpeter.im> Thu, 08 September 2011 16:33 UTC

Message-ID: <4E68EEB4.40600@stpeter.im>
Date: Thu, 08 Sep 2011 10:35:00 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: Willy Tarreau <w@1wt.eu>
References: <20110711140229.17432.23519.idtracker@ietfa.amsl.com> <5355F3EF-DD59-4D3C-9578-84043A3B8E90@gbiv.com> <4E620772.9090900@gmx.de> <4E6228F9.2030108@gmx.de> <20110903194323.GA19164@1wt.eu>
In-Reply-To: <20110903194323.GA19164@1wt.eu>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Server-Initiated HTTP <hybi@ietf.org>, ietf@ietf.org, iesg@iesg.org

On 9/3/11 1:43 PM, Willy Tarreau wrote:
> Hi Julian, Roy,
> 
> On Sat, Sep 03, 2011 at 03:17:45PM +0200, Julian Reschke wrote:
>> Like that...:
>>
>>    The WebSocket protocol is designed with an assumption that
>>    TCP port 80 or 443 will be used for the sake of tunneling raw
>>    socket exchanges over HTTP.  The result is a convoluted and
>>    inefficient exchange of hashed data for the sake of bypassing
>>
>> s/convoluted and inefficient/complex/
>>
>>    intermediaries that may be routing, authenticating, filtering,
>>    or verifying traffic on those ports.  The sole reason for using
>>
>> s/sole//
>>
>>    ports 80 and 443, and hence requiring the hashed data exchange,
>>    is because many organizations use TCP port blocking at firewalls
>>    to prevent unexpected network traffic, but allow the HTTP ports
>>    to remain open because they are expected to be used for normal
>>    Web request traffic.  WebSocket deliberately bypasses network
>>    management constraints in order to enable Web application
>>    developers to send arbitrary data through a trusted port.
> 
> The way I'm reading this seems to imply that the masking is there in
> order to bypass intermediaries, which is absolutely not the case,
> quite the opposite instead. The masking was introduced to avoid
> getting stuck on supposedly buggy intermediaries that would search
> for a valid HTTP request or response past the message boundaries.
> 
> The masking uses a low complexity precisely in order to make it
> easy for intermediaries to decode the stream at a low cost. Also,
> and quite importantly, being able to reuse the existing security
> infrastructure is important (user authentication, accounting,
> URL filtering, malware site blocking, etc...). The success of BOSH
> or XHR precisely comes from the fact that there is no need to
> reinvent new security models, new products, to train admins,
> etc... What is deployed works.
> 
>>    Naturally, the WebSocket protocol does not have the same network
>>    characteristics as HTTP.  The messages exchanged are likely to
>>    be smaller, more interactive, and delivered asynchronously over
>>    a long-lived connection.  Unfortunately, those are the same
>>    characteristics of typical denial-of-service attacks over HTTP.
>>    Organizations deploying WebSockets should be aware that existing
>>    network equipment or software monitoring on those ports may need
>>    to be updated or replaced.
> 
> The communication pattern is no different than what's done with
> existing bidirectional communications over HTTP such as BOSH. It's
> even close to XHR in that there may be an avalanche of small packets.
> 
> I agree it is important to insist on the traffic pattern, but I don't
> think we should be too much alarmist either considering that people
> already deploy equivalent mechanisms today.
> 
> Last, the protocol design was made with the goal of making it work
> over raw TCP later. It's already split in two parts, the handshake
> and the data framing. The framing can be reused over any established
> connection and masking may be disabled simply by clearing one bit.
> 
> I would personally find it more fair to introduce the design by saying
> something like this :
> 
>    The WebSocket protocol is designed to supersede existing bidirectional
>    communication protocols which use HTTP as a transport layer to benefit
>    from existing infrastructure (proxies, filtering, authentication). Such
>    existing protocols were implemented as trade-offs between efficiency and
>    reliability because HTTP was not initially meant to be used that way.
>    WebSocket tries to address all of these goals in the same environment,
>    and as such is designed to work over ports 80 and 443 as well as to
>    support HTTP proxies and intermediaries, even if this implies some
>    complexity specific to these environments. The way it is designed
>    does not limit it to HTTP and future implementations may make use of
>    simpler handshake over a dedicated port without reinventing everything.
>    This last point is important to keep in mind because the traffic patterns
>    of interactive messaging do not much match standard HTTP traffic and
>    may induce unusual loads on some components.

Willy, I appreciate the proposed text. Here is a slightly tweaked version.

###

   The WebSocket protocol is designed to supersede existing
   bidirectional communication technologies which use HTTP as a
   transport layer to benefit from existing infrastructure
   (proxies, filtering, authentication).  Such technologies
   were implemented as trade-offs between efficiency and reliability
   because HTTP was not initially meant to be used for bidirectional
   communication (see [RFC6202] for further discussion).  The
   WebSocket protocol attempts to address the goals of existing
   bidirectional HTTP technologies in the context of the existing
   HTTP infrastructure; as such, it is designed to work over HTTP
   ports 80 and 443 as well as to support HTTP proxies and
   intermediaries, even if this implies some complexity specific to
   the current environment.  However, the design does not limit
   WebSocket to HTTP, and future implementations could use a
   simpler handshake over a dedicated port without reinventing
   the entire protocol.  This last point is important because the
   traffic patterns of interactive messaging do not closely match
   standard HTTP traffic and can induce unusual loads on some
   components.

###

I shall enter an RFC Editor Note in the datatracker with that text as a
placeholder, with the understanding that the text might change based on
further discussion.


-- 
Peter Saint-Andre
https://stpeter.im/
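The framing and masking that Willy describes above (a 4-byte XOR key signalled by one bit in the frame header, cheap for an intermediary to undo, and disabled by clearing that bit), as an added Python example that is not code from this thread or from any WebSocket implementation. SAMPLE_KEY is a constructed value and the helper names are my own; the frame layout follows the draft's data framing (FIN/opcode byte, MASK bit plus 7/16/64-bit length, optional masking key, payload).

```python
import struct
from typing import Optional, Tuple

# Constructed sample key, fixed so the example is deterministic; a real client
# must draw a fresh unpredictable 4-byte key per frame (e.g. os.urandom(4)).
SAMPLE_KEY = bytes.fromhex("37fa213d")

def build_frame(payload: bytes, opcode: int = 0x1,
                mask_key: Optional[bytes] = None) -> bytes:
    """Encode one unfragmented frame (FIN=1). With mask_key, set the MASK bit
    and XOR the payload with the 4-byte key, as a client is required to."""
    head = bytes([0x80 | (opcode & 0x0F)])  # FIN set, RSV clear, opcode
    n = len(payload)
    mask_bit = 0x80 if mask_key else 0x00
    if n < 126:
        head += bytes([mask_bit | n])
    elif n < 0x10000:
        head += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:
        head += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if not mask_key:
        return head + payload  # mask bit clear: payload travels as-is
    if len(mask_key) != 4:
        raise ValueError("masking key must be exactly 4 bytes")
    return head + mask_key + bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))

def parse_frame(data: bytes) -> Tuple[int, bool, bytes]:
    """Decode one frame into (opcode, was_masked, payload). Unmasking is one XOR
    per byte, which is the low-cost step an inspecting intermediary performs."""
    if len(data) < 2:
        raise ValueError("frame too short")
    opcode, masked, n, pos = data[0] & 0x0F, bool(data[1] & 0x80), data[1] & 0x7F, 2
    if n == 126:
        (n,), pos = struct.unpack("!H", data[2:4]), 4
    elif n == 127:
        (n,), pos = struct.unpack("!Q", data[2:10]), 10
    key = b""
    if masked:
        key, pos = data[pos:pos + 4], pos + 4
    body = data[pos:pos + n]
    if len(body) != n:
        raise ValueError("truncated payload")
    if masked:
        body = bytes(b ^ key[i % 4] for i, b in enumerate(body))
    return opcode, masked, body

def payload_visible_on_wire(payload: bytes, masked: bool) -> bool:
    """Does the raw frame contain the payload bytes verbatim? False when masked."""
    frame = build_frame(payload, mask_key=SAMPLE_KEY if masked else None)
    return payload in frame
```

The last helper makes the point of the thread concrete: with the MASK bit set, client-chosen bytes never appear verbatim on the wire, so an intermediary scanning the stream for HTTP-looking text past a message boundary sees nothing it can act on, while a proper unmasking costs one XOR per byte.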