IETF Logo Mail Archive

Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt

John Tamplin <jat@google.com> Thu, 08 September 2011 17:46 UTC

Return-Path: <jat@google.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9008C21F850E for <hybi@ietfa.amsl.com>; Thu, 8 Sep 2011 10:46:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.889
X-Spam-Level:
X-Spam-Status: No, score=-105.889 tagged_above=-999 required=5 tests=[AWL=0.087, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4j8dO180P5Ha for <hybi@ietfa.amsl.com>; Thu, 8 Sep 2011 10:46:09 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by ietfa.amsl.com (Postfix) with ESMTP id BD0E321F84D3 for <hybi@ietf.org>; Thu, 8 Sep 2011 10:46:08 -0700 (PDT)
Received: from hpaq14.eem.corp.google.com (hpaq14.eem.corp.google.com [172.25.149.14]) by smtp-out.google.com with ESMTP id p88Hm07P013433 for <hybi@ietf.org>; Thu, 8 Sep 2011 10:48:01 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1315504081; bh=OtiIzq8i9h2UoirjVTyjEqcj0fU=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=NSueMrXDtmzRSmTWIwUD00LiaRtgGrTgrlEDVzylTz1om13mv3okkvIfegwgBqCNt QOSgLfJ+5/cSvdnDLB18A==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:from:date: message-id:subject:to:cc:content-type:x-system-of-record; b=q7Qxx2PvL/vvpzZ+bP3iEtQYTDHZHHwLBOHOTc6bOulUhTaG+iuSfEvfbh+jlBpj1 RXa3RqQMKPOOy2HNQlu5g==
Received: from gyg10 (gyg10.prod.google.com [10.243.50.138]) by hpaq14.eem.corp.google.com with ESMTP id p88Hk61W004862 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <hybi@ietf.org>; Thu, 8 Sep 2011 10:47:59 -0700
Received: by gyg10 with SMTP id 10so550325gyg.19 for <hybi@ietf.org>; Thu, 08 Sep 2011 10:47:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=saT+2p6aQW1EpVeWJjl5ExKarinvGRaM0iBKiAQl0ww=; b=JybeTmlYzxy3FOtJqTl3sLDw+cziR1enDzMnJwI3LvEAIyeteZDOfPOWCNPKZFpA7M Tp5vwr5ycop5CxNjs8kQ==
Received: by 10.151.78.16 with SMTP id f16mr1101234ybl.116.1315504079266; Thu, 08 Sep 2011 10:47:59 -0700 (PDT)
Received: by 10.151.78.16 with SMTP id f16mr1101226ybl.116.1315504079108; Thu, 08 Sep 2011 10:47:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.150.49.7 with HTTP; Thu, 8 Sep 2011 10:47:39 -0700 (PDT)
In-Reply-To: <634914A010D0B943A035D226786325D422C0F6DC2B@EXVMBX020-12.exch020.serverdata.net>
References: <20110831184207.1514.64093.idtracker@ietfa.amsl.com> <0fc901cc6878$1681eec0$0a00a8c0@Venus> <CAH9hSJb2rH+fX0AnekYxsEkHKzb15aHrg_hDQw1baWLiWBF-3w@mail.gmail.com> <17b501cc6d31$3016d6d0$0a00a8c0@Venus> <CAH9hSJYhLpcXrOtS-nzLt2YW9QbngEsfdcNF+0TadyVA6rrK1A@mail.gmail.com> <17ef01cc6d39$3575ae50$0a00a8c0@Venus> <20110907085128.GA19144@1wt.eu> <CAH9hSJYXZ285L_+eJh6VUVCAg4D+u=vQbcjVOA4RMsJSbcHqiw@mail.gmail.com> <CABLsOLBKgnTFga821t2AZ1dXobTsfMb5v8CTJhm_Nr8WMkonaA@mail.gmail.com> <53451FDB-77F7-42A1-8D16-05094C35AB5D@bbn.com> <4E68E9F6.6030901@stpeter.im> <634914A010D0B943A035D226786325D422C0F6DBF7@EXVMBX020-12.exch020.serverdata.net> <CABLsOLAw=ru059x7p2EWnye6ssVQGAvrzBB9Y5mNyo9Ez_ae6A@mail.gmail.com> <634914A010D0B943A035D226786325D422C0F6DC2B@EXVMBX020-12.exch020.serverdata.net>
From: John Tamplin <jat@google.com>
Date: Thu, 08 Sep 2011 13:47:39 -0400
Message-ID: <CABLsOLDiGZqPFfg=qfa2MSZzPq6RdCeWFZ5uHt00L8OnSxc5AQ@mail.gmail.com>
To: Tobias Oberstein <tobias.oberstein@tavendo.de>
Content-Type: multipart/alternative; boundary="000e0cd5c0de55f9f804ac71a9cc"
X-System-Of-Record: true
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2011 17:46:09 -0000

On Thu, Sep 8, 2011 at 1:04 PM, Tobias Oberstein <
tobias.oberstein@tavendo.de> wrote:

> A client can just send frames with mask bit set, a random mask, but don't
> actually mask (XOR) the payload.****
>
> ** **
>
> The intermediary can check for mask bit set, unmask the payload using the
> random mask,****
>
> and then?****
>
> ** **
>
> When a client send white noise as payload, XORing the white noise with any
> mask will not****
>
> change the statistics of the result vs the original.****
>
> ** **
>
> Same for any sane encryption, which looks like white noise after
> encryption, and will look****
>
> like white noise after XOR with _any_ mask****
>
> ** **
>
> How can an intermediary proof that payload is really masked?
>

It knows the payload is really masked because a mask was present.
 Obviously, it can't know whether the payload was chosen to produce some
value after masking (any more than it could know why any particular payload
was chosen), but the browsers enforce that by not letting the JS code
control the key.

-- 
John A. Tamplin
Software Engineer (GWT), Google

v2.23.0 | Report a Bug | By Email