Re: [hybi] Web Socket IP Authentication
Dave Cridland <dave@cridland.net> Fri, 03 September 2010 08:21 UTC
Return-Path: <dave@cridland.net>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B278D3A6821 for <hybi@core3.amsl.com>; Fri, 3 Sep 2010 01:21:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.469
X-Spam-Level:
X-Spam-Status: No, score=-2.469 tagged_above=-999 required=5 tests=[AWL=0.130, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CgF9nGjhzdyP for <hybi@core3.amsl.com>; Fri, 3 Sep 2010 01:21:44 -0700 (PDT)
Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [217.155.137.61]) by core3.amsl.com (Postfix) with ESMTP id 4DFDA3A6820 for <hybi@ietf.org>; Fri, 3 Sep 2010 01:21:44 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id 8DCD911680B3; Fri, 3 Sep 2010 09:22:13 +0100 (BST)
X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net
Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kHAqLmEVZBBt; Fri, 3 Sep 2010 09:22:10 +0100 (BST)
Received: from puncture (unknown [217.155.137.60]) by peirce.dave.cridland.net (Postfix) with ESMTPA id 786EB11680AF; Fri, 3 Sep 2010 09:22:10 +0100 (BST)
References: <20100901224502.0519B3A687C@core3.amsl.com> <AANLkTikP1CF22fL0rBniXmrxEoBAbTNfzP9kyiNA4nbb@mail.gmail.com> <AANLkTi=_1m36ThFZTH_aGE_Unz0KTeexJq_74UGr2j+u@mail.gmail.com> <B68E5323-E259-4D27-BB32-ED86961209FC@gbiv.com> <20100902051929.GD10275@1wt.eu> <4C7F3F21.3000200@isdg.net> <20100902061613.GK10275@1wt.eu> <4C7F4C59.4010502@isdg.net> <2348.1283459737.696752@puncture> <4C80175C.4090109@isdg.net>
In-Reply-To: <4C80175C.4090109@isdg.net>
MIME-Version: 1.0
Message-Id: <2348.1283502130.477694@puncture>
Date: Fri, 03 Sep 2010 09:22:10 +0100
From: Dave Cridland <dave@cridland.net>
To: Hector Santos <hsantos@isdg.net>, "Roy T. Fielding" <fielding@gbiv.com>, Server-Initiated HTTP <hybi@ietf.org>, Willy Tarreau <w@1wt.eu>
Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed"
Subject: Re: [hybi] Web Socket IP Authentication
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2010 08:21:45 -0000
I'll skip the email discussion as it's not relevant here. On Thu Sep 2 22:30:04 2010, Hector Santos wrote: > In any case, the point was that IP authentication *can* be a valid > server side consideration for secondary web sockets connections. > > And my point is that it is not. > When the HTTP session authenticates the user with HTTP/COOKIE auth, > the binding to the IP is set and this can be used for any pending > web-socket clients on the same IP. Whether a TTL is required, I > don't know if its necessary or not since IMV, there is a greater > predictability and timeline of events with the HTTP session and WS > session than it was with POP3 and SMTP. Not especially. An HTTP request may be passed through several proxies, a WebSocket request is less likely to. It's important to consider that if the HTTP service provides a cookie, then that should be sufficient if it would be sufficient in HTTP. I would argue that the whole question of user authentication on "the web" is in dire need of a re-examination, but again, this really isn't the forum to do it in. One point you made does apply here too - an IP address, if within the AS or local network, is sufficient to authenticate as an otherwise anonymous local user. This is the case used to allow SMTP relaying to ISP customers. I don't think this will be an option for the vast majrotiy of WebSocket services. Dave. -- Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Adam Barth
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- [hybi] I-D Action:draft-ietf-hybi-thewebsocketpro… Internet-Drafts
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Adam Barth
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Joe Hildebrand
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Adam Barth
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Roy T. Fielding
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Gabriel Montenegro
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Takeshi Yoshino
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Joe Hildebrand
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Hector Santos
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Hector Santos
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Alexey Melnikov
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… James Graham
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Julian Reschke
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Olli Pettay
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Gabriel Montenegro
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Olli Pettay
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Julian Reschke
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Scott Ferguson
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] Versioning is a anti-pattern Daniel Stenberg
- Re: [hybi] Versioning is a anti-pattern Tim Bray
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Dave Cridland
- Re: [hybi] Versioning is a anti-pattern Hector Santos
- [hybi] List of (mostly) editorial changes for dra… Patrick McManus
- Re: [hybi] List of (mostly) editorial changes for… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Dave Cridland
- Re: [hybi] List of (mostly) editorial changes for… Patrick McManus
- [hybi] Web Socket IP Authentication Hector Santos
- Re: [hybi] Versioning is a anti-pattern David Orchard
- Re: [hybi] Versioning is a anti-pattern Greg Wilkins
- Re: [hybi] Versioning is a anti-pattern James Graham
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Julian Reschke
- Re: [hybi] Web Socket IP Authentication Dave Cridland
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] Web Socket IP Authentication Hector Santos
- Re: [hybi] Versioning is a anti-pattern Patrick McManus
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] Versioning is a anti-pattern Scott Ferguson
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Scott Ferguson
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Adam Barth
- Re: [hybi] Versioning is a anti-pattern Martin J. Dürst
- Re: [hybi] Versioning is a anti-pattern David Orchard
- Re: [hybi] Versioning is a anti-pattern Willy Tarreau
- Re: [hybi] Versioning is a anti-pattern Julian Reschke
- Re: [hybi] Versioning is a anti-pattern Adam Barth
- Re: [hybi] Versioning is a anti-pattern Greg Wilkins
- Re: [hybi] List of (mostly) editorial changes for… Greg Wilkins
- Re: [hybi] List of (mostly) editorial changes for… Patrick McManus
- Re: [hybi] List of (mostly) editorial changes for… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Brian McKelvey
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Brian
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Anne van Kesteren
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… S Moonesamy
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Anne van Kesteren
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… S Moonesamy
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… S Moonesamy
- Re: [hybi] Versioning is a anti-pattern Julian Reschke