IETF Logo Mail Archive

Re: [hybi] Insight you need to know: Browsers are at fault when servers crash

Scott Ferguson <ferg@caucho.com> Mon, 26 July 2010 19:09 UTC

Return-Path: <ferg@caucho.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 778CA3A688A for <hybi@core3.amsl.com>; Mon, 26 Jul 2010 12:09:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HmKprUGc4ZCf for <hybi@core3.amsl.com>; Mon, 26 Jul 2010 12:09:27 -0700 (PDT)
Received: from smtp112.biz.mail.re2.yahoo.com (smtp112.biz.mail.re2.yahoo.com [66.196.116.97]) by core3.amsl.com (Postfix) with SMTP id 30EA83A6881 for <hybi@ietf.org>; Mon, 26 Jul 2010 12:09:27 -0700 (PDT)
Received: (qmail 97940 invoked from network); 26 Jul 2010 19:09:45 -0000
Received: from [192.168.1.11] (ferg@66.92.8.203 with plain) by smtp112.biz.mail.re2.yahoo.com with SMTP; 26 Jul 2010 12:09:44 -0700 PDT
X-Yahoo-SMTP: L1_TBRiswBB5.MuzAo8Yf89wczFo0A2C
X-YMail-OSG: trWLbNIVM1m6kkIIR0Eb8HzJ93XPq5zMfjukWCq61EZP3mt AMgWpyO4TqmbrlhvtRyqvsRypipDgCSwOKu4ovHdHcAFhojj8_o0FhcbbVJF 7fR2ve_7SpO.fNsxysLv4hD6m3tEoNrko_WfFV71A01uD75ufZBQDFC80SS_ TDV92l3dZZ7u5bu5.RbSUoA2xC.zqD5Ib7SaKaqhX_WQrx0tOaEL4ZdGxukS UC7ReYZqLBT4oDVHG0dvP3DbU2MDmdWl_F2uaXpHhvmTVm9OpgiCryJ7Gw4R yfcshwEFP0ZdoS94f51nffFdS39hXJOuRFm3mYwVyrkhQ9NZ.k8Qn.cvytpH eeU8r6xI8HtjnqkKmXI7811vC_HeiR4twPBjW8gbH.3GIECIgka3SsCgUn1N v.vTNCFQpDkU4bDySQSZRvfOM7ntiVhR641UBSoOne_crkNK1
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4C4DDD72.1070307@caucho.com>
Date: Mon, 26 Jul 2010 12:09:38 -0700
From: Scott Ferguson <ferg@caucho.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Maciej Stachowiak <mjs@apple.com>
References: <AANLkTilfxps1wWjFrwrH_3Js6Q9E331AMKFRNHfeHcdL@mail.gmail.com> <AANLkTi=vPAnnK0=gE=YN10vt9b-f6sWXXcwK+La5SriO@mail.gmail.com> <623C6D70-B4AF-49EC-BA07-6F90BD0FFFBF@apple.com> <AANLkTi=Q-PVrdaWuOu3H=wUiphe6JB4C+LauSOXKozoY@mail.gmail.com> <AANLkTi=Z-Zw3gJAdwQMAqG5UUVnV_kgsGm3M_qQ2Bwt7@mail.gmail.com> <8B47440C-7CFD-442F-94E3-96A8EBE7D25D@apple.com> <AANLkTimRo_ubic96z3VgwexiOw0KJg10HQedmcuBs6jp@mail.gmail.com> <FA3856A4-FF29-430E-8BE4-3049F1E33A03@apple.com> <AANLkTim14YJgikfeU9k84xMqtcFt0cdqJQZcsNmvt-Eo@mail.gmail.com> <1453160A-6353-4720-88BA-43D17038B4A7@apple.com> <AANLkTimT+mNXBoQO5L11_ibv645u8Se5K+GBhP9vKXmj@mail.gmail.com> <25137069-5C6D-4171-873D-65F9925077A8@apple.com> <AANLkTin1PBskrUYFeOYzexwZOe++WSOCiSRbp6_RDCsh@mail.gmail.com> <E15FFECE-32B6-49CB-B2D0-5D536A309523@apple.com>
In-Reply-To: <E15FFECE-32B6-49CB-B2D0-5D536A309523@apple.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: hybi@ietf.org
Subject: Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 19:09:28 -0000

Maciej Stachowiak wrote:
> The difficulty is that the computation has to validate the HTTP-level handshake, looking at elements that cannot easily be forged, or it suffers from the same problem I described above. If it is derived solely from portions of the request that could be attacker-controlled, then it is predictable to the attacker, so using it as part of the crypto key for the body is no obstacle to injecting chosen plaintext.
>   
But there are two separate validations: validating the client and 
validating the server. The same computation doesn't validate both at 
once. (It can't validate both at once, because the client validates the 
server but the server validates the client.)

Your proposed attack is the client-validation problem: is the client a 
real websocket client? (where the server is a websocket server.)

Adam's proposal is for the server-validation problem: is the server a 
real websocket server? (where the client is a websocket client.) It 
doesn't address the client-validation problem.

But it's not a flaw in Adam's proposal that it doesn't address the 
client-validation problem. It would only be a flaw if the attack showed 
a weakness in solving the server-validation problem.

(Just to be clear, it's not possible to have both issues in the same 
attack, because a non-websocket client talking to a non-websocket server 
isn't our problem.)
> This means we'd need something with similar complexity to the current handshake, except we'd have the benefit that the first client --> server message can save a round trip.
>   
The client-validation problem could be solved if there are elements in 
the initial request that cannot be forged, as you pointed out. For 
example, if the HTTP method cannot be forged, changing the HTTP method 
to something like "WEBSOCKET" would validate the client as a real 
websocket client.

If the entire request can be forged by a non-web-socket client, then you 
do need a second client response to the server's initial response. If 
the entire request can be forged, the server needs to send a random 
nonce and force the client to compute a hash to prove the client is a 
real client.

-- Scott
> On the other hand, using your scheme straight-up without a prior HTTP header is probably safe without any additional rigidity.
>   
> Regards,
> Maciej
>
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>
>
>
>

v2.23.0 | Report a Bug | By Email