IETF Logo Mail Archive

Re: [hybi] [Technical Errata Reported] RFC6455 (3215)

Jesse Katzman <jesse.katzman@gmail.com> Mon, 07 May 2012 01:06 UTC

Return-Path: <jesse.katzman@gmail.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D513521F8448 for <hybi@ietfa.amsl.com>; Sun, 6 May 2012 18:06:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lMq0xWVqWOum for <hybi@ietfa.amsl.com>; Sun, 6 May 2012 18:06:12 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 27B3521F84DF for <hybi@ietf.org>; Sun, 6 May 2012 18:06:04 -0700 (PDT)
Received: by yenq13 with SMTP id q13so27325yen.31 for <hybi@ietf.org>; Sun, 06 May 2012 18:06:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=h3StGOHAcEWtp4Kb5KXM0ehxBZ1+DApOsa3AE3yV/5U=; b=Rd/h9CjVaR2sknw5OKu6lFX98E2GdyweGNpl5yrbEjfcoOAMyrvP9+I8PqoPqwmr5d NRIrsR8TjjrBO/sBQplim0h+Tsco1ZPyStZVq+/ZKIYXQ2OPhqFnJZh0YgLgcBs9sFll CN9HGLMjwnnbN5P6dUB/7yc0k4oHrPC4kavnQofl+6WxgdQNBgvS0xB/7aV4MY22UPz+ 52Kmp8mwF3+QTC363PpDI2EPKsJiP8Ugh0eQLkmkp2/u1u3aSvptDWNQpC2jXdfLXBEH /xFUpLE4YzYO6Q8uNrGO/uyaXuhAWnkBFc44cmHTVpjC8RMI69bF0wQ+/Y8HTl79w9Z2 4TnA==
Received: by 10.50.158.134 with SMTP id wu6mr7282926igb.47.1336352763557; Sun, 06 May 2012 18:06:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.170.197 with HTTP; Sun, 6 May 2012 18:05:43 -0700 (PDT)
In-Reply-To: <CALaySJLuUsHMMNhEych3eiBYcH5QwqO1QoWt8YN+x6cM5ds4Dg@mail.gmail.com>
References: <20120507003008.A70F2B1E002@rfc-editor.org> <4FA71E33.3020608@stpeter.im> <CALaySJLuUsHMMNhEych3eiBYcH5QwqO1QoWt8YN+x6cM5ds4Dg@mail.gmail.com>
From: Jesse Katzman <jesse.katzman@gmail.com>
Date: Sun, 06 May 2012 21:05:43 -0400
Message-ID: <CAEBq9TiPYE0k+o52bYzntUT-Qg2kqg+U3uiOB4kmg3pZwg16-A@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Content-Type: multipart/alternative; boundary="14dae9340387c435d504bf67df17"
X-Mailman-Approved-At: Sun, 06 May 2012 18:14:08 -0700
Cc: hybi@ietf.org, ifette+ietf@google.com, Gabriel.Montenegro@microsoft.com, presnick@qualcomm.com
Subject: Re: [hybi] [Technical Errata Reported] RFC6455 (3215)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2012 01:08:39 -0000

Okay, thank you.  Will do.

2012/5/6 Barry Leiba <barryleiba@computer.org>

> > IMHO this is not really a valid erratum, although it's a worthy topic
> > for discussion if and when this working group (or a successor working
> > group) decides to work on a document that might supersede RFC 6455.
>
> Absolutely -- not appropriate for the errata system.  I'm going to
> reject this erratum, and suggest that the submitter participate in the
> HyBi working group instead.
>
> Barry, responsible AD
>
> > On 5/6/12 6:30 PM, RFC Errata System wrote:
> >>
> >> The following errata report has been submitted for RFC6455,
> >> "The WebSocket Protocol".
> >>
> >> --------------------------------------
> >> You may review the report below and at:
> >> http://www.rfc-editor.org/errata_search.php?rfc=6455&eid=3215
> >>
> >> --------------------------------------
> >> Type: Technical
> >> Reported by: Jesse Katzman <jesse.katzman@gmail.com>
> >>
> >> Section: 5.3
> >>
> >> Original Text
> >> -------------
> >> The unpredictability of the masking key is essential to prevent authors
> of malicious applications from selecting the bytes that appear on the wire.
> >>
> >> Corrected Text
> >> --------------
> >>
> >>
> >> Notes
> >> -----
> >> I don't see how the client-to-server masking prevents "authors of
> malicious applications from selecting the bytes that appear on the wire".
> >>
> >> Maliciously changing the contents of a message simply requires a few
> more steps than it would without masking, as far as I can tell.
> >>
> >> I'm quite new at networking, so perhaps I'm missing something.  Thank
> you.
> >>
> >> Instructions:
> >> -------------
> >> This errata is currently posted as "Reported". If necessary, please
> >> use "Reply All" to discuss whether it should be verified or
> >> rejected. When a decision is reached, the verifying party (IESG)
> >> can log in to change the status and edit the report, if necessary.
> >>
> >> --------------------------------------
> >> RFC6455 (draft-ietf-hybi-thewebsocketprotocol-17)
> >> --------------------------------------
> >> Title               : The WebSocket Protocol
> >> Publication Date    : December 2011
> >> Author(s)           : I. Fette, A. Melnikov
> >> Category            : PROPOSED STANDARD
> >> Source              : BiDirectional or Server-Initiated HTTP
> >> Area                : Applications
> >> Stream              : IETF
> >> Verifying Party     : IESG
> >> _______________________________________________
> >> hybi mailing list
> >> hybi@ietf.org
> >> https://www.ietf.org/mailman/listinfo/hybi
>

v2.23.0 | Report a Bug | By Email