IETF Logo Mail Archive

Re: [hybi] WebSocket handshake (HTTP and SSO)

Ian Fette (イアンフェッティ) <ifette@google.com> Wed, 01 September 2010 04:20 UTC

Return-Path: <ifette@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 15BE53A694A for <hybi@core3.amsl.com>; Tue, 31 Aug 2010 21:20:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.437
X-Spam-Level:
X-Spam-Status: No, score=-105.437 tagged_above=-999 required=5 tests=[AWL=0.239, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5THkpjl-g6+H for <hybi@core3.amsl.com>; Tue, 31 Aug 2010 21:20:20 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 3F81A3A68E2 for <hybi@ietf.org>; Tue, 31 Aug 2010 21:20:20 -0700 (PDT)
Received: from hpaq5.eem.corp.google.com (hpaq5.eem.corp.google.com [172.25.149.5]) by smtp-out.google.com with ESMTP id o814KnJb010889 for <hybi@ietf.org>; Tue, 31 Aug 2010 21:20:50 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1283314850; bh=61DOHYdgDgAMkvy+e/euf0B0NIY=; h=MIME-Version:Reply-To:In-Reply-To:References:Date:Message-ID: Subject:From:To:Cc:Content-Type; b=YBOGbDjmxKvgVM4qafZQ+hMyPB1rH5uJB9ZUDDdeJ2y1GIANHSdsOpobid84KxeAF saXrD3Ozu6akmuhkbXI5A==
Received: from ywj3 (ywj3.prod.google.com [10.192.10.3]) by hpaq5.eem.corp.google.com with ESMTP id o814Kl2F016829 for <hybi@ietf.org>; Tue, 31 Aug 2010 21:20:48 -0700
Received: by ywj3 with SMTP id 3so3299590ywj.30 for <hybi@ietf.org>; Tue, 31 Aug 2010 21:20:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:received:reply-to :in-reply-to:references:date:message-id:subject:from:to:cc :content-type; bh=L+sE6uT+UGScBxjo7cybkIs0NREqdoTwUuhoDiQiitI=; b=KB6SzNzrStkuKHZovutBqu9NR+1t6ci5Lor4neDqRR6+WeFW1AxxO48srVTSg1xvo1 UsFuLzk05Oa96NgOAQnA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; b=oX5VZgeogJ1reKVcCEHI4khtaja/K8EXqYz06HL6Z9r9TiZtbL9t9Um6Nr6M3y6djN tXYaAkJMU2cjAeZU3zTA==
MIME-Version: 1.0
Received: by 10.150.192.19 with SMTP id p19mr7985976ybf.312.1283314847410; Tue, 31 Aug 2010 21:20:47 -0700 (PDT)
Received: by 10.150.229.7 with HTTP; Tue, 31 Aug 2010 21:20:47 -0700 (PDT)
In-Reply-To: <4C7DAECB.7050905@caucho.com>
References: <4C7A269F.8020306@gmail.com> <AANLkTinqJ+K-pqm7p7S+aviWVY==S0mJ9RBvNfpnTa02@mail.gmail.com> <AANLkTikCVNoJnKXTOTJadYJWYR356u1wZdVNdBwEh6cg@mail.gmail.com> <AANLkTik3Jo4rG8cTcHerpwPumT_X77bn9y5rDkZ8ZD33@mail.gmail.com> <AANLkTimabr-0gVy1Jpr0=i-Wfv6u-AnD+ReNvb0eajYO@mail.gmail.com> <4C7BDA8F.4080107@caucho.com> <4C7BF060.7070501@isdg.net> <4C7C2A33.6010405@caucho.com> <4C7C746F.1040006@isdg.net> <4C7D2B74.8030702@caucho.com> <4C7D5B20.9030503@isdg.net> <4C7DAECB.7050905@caucho.com>
Date: Tue, 31 Aug 2010 21:20:47 -0700
Message-ID: <AANLkTikS7L_04HDAsL6t+FrHZKVXQN2Gx1gmjh4gYLcb@mail.gmail.com>
From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
To: Scott Ferguson <ferg@caucho.com>
Content-Type: multipart/alternative; boundary="000e0cd6ac789d69ae048f2b0571"
X-System-Of-Record: true
Cc: hybi <hybi@ietf.org>, Brodie Thiesfield <brodie@jellycan.com>
Subject: Re: [hybi] WebSocket handshake (HTTP and SSO)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: ifette@google.com
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2010 04:20:22 -0000

On Tue, Aug 31, 2010 at 6:39 PM, Scott Ferguson <ferg@caucho.com> wrote:

> Hector Santos wrote:
>
>> Scott Ferguson wrote:
>>
>>  Hector Santos wrote:
>>>
>>> DIGEST is a challenge/response style authentication, which means it uses
>>> a challenge from the server before sending its credentials. BASIC just sends
>>> the user and credentials in clear text.
>>>
>>
>> Sorry, missed this (not so) subtle point. BASIC does not require an
>> initial server challenge hence it can work unsolicited.
>>
>
> Exactly.
>
>
>>  Also probably related, I see no security benefit in this handshake. The
>>>> bad guy client can always validate a server handshake response whether it
>>>> was correct or not.
>>>>
>>>
>>> I don't understand. A bad client can't generate the correct
>>> authentication credentials. That's the whole point of authentication.
>>>
>>
>> I was referring to the websocket client random data and the websocket
>> server "reassembly" and response.
>>
>> Well, bad guys will most like implement websocket clients which ignore the
>> server response (always accept it) and simply move the ready state to open,
>> and fire the onOpen.  I didn't see how this challenge helps except maybe to
>> mitigate MITM threats.
>>
>>
> Oh.
>
> I think what it's trying to do is validate that the client is a websocket
> client and the server is a websocket server before sending any content that
> might be an attack (like a SMTP mail message or printer commands.)
>
> Here's what I think the protocol is trying to do (the actual algorithm is
> obscure):
>
> a) To validate the server as websocket server (as opposed to a SMTP
> server), the client creates a securely-generated random nonce, c_nonce and
> sends it in C1. The server sends back a hash in S2, like H(c_nonce,
> "WebSocket"). Since no server other than a websocket server will generate
> that hash, you've verified that the server is a websocket server.
>
> b) To validate the client as a websocket client (as opposed to a hijacked
> HTTP client), the server sends a securely-generated random nonce, s_nonce
> and sends it in S2. The client sends a hash back in C3, like H(s_nonce,
> "WebSocket"). Since no hijacked non-websocket client can generate that hash,
> you've verified that the client is a websocket client.
>
> So now the websocket protocol is free to run, having verified that the
> client and server are both websocket implementations.  Of course, those
> websocket implementations might be hijacked too, or the attacking client
> might be a non-browser valid websocket client but that's a different story
> (or rather, it's the same story as my request for authentication support,
> but unrelated to the security fields in the current protocol.)
>
> Or at least, I think that's what the protocol is trying to do. To me, it
> looks like a security -through-confusion protocol hacked together by someone
> with little security experience, who believes that a complicated, confusing
> protocol is more secure than a straightforward one. If no one can understand
> it, no one can attack it, I guess. That's just what it looks like to me.
>

While I can appreciate that you may not care for the complexity of the
handshake, I would ask that you please not attack the experience of the
people involved in its design. Critiques of the protocol are certainly
welcome, but I don't think personal attacks are appropriate.



> -- Scott
>
>
>
> -- Scott
>
>
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>

v2.23.0 | Report a Bug | By Email