IETF Logo Mail Archive

Re: [hybi] A WebSocket handshake

Greg Wilkins <gregw@webtide.com> Thu, 07 October 2010 06:41 UTC

Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 167823A6BDF for <hybi@core3.amsl.com>; Wed, 6 Oct 2010 23:41:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.745
X-Spam-Level:
X-Spam-Status: No, score=-1.745 tagged_above=-999 required=5 tests=[AWL=0.232, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GgJ9TvKlyUws for <hybi@core3.amsl.com>; Wed, 6 Oct 2010 23:41:09 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id B32163A70DB for <hybi@ietf.org>; Wed, 6 Oct 2010 23:41:09 -0700 (PDT)
Received: by iwn10 with SMTP id 10so653483iwn.31 for <hybi@ietf.org>; Wed, 06 Oct 2010 23:42:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.174.84 with SMTP id s20mr374813ibz.94.1286433730990; Wed, 06 Oct 2010 23:42:10 -0700 (PDT)
Received: by 10.231.39.199 with HTTP; Wed, 6 Oct 2010 23:42:10 -0700 (PDT)
In-Reply-To: <AANLkTik4sgV17C_LL9AoJSk0kudk6jDb2N-icZ+DmneX@mail.gmail.com>
References: <AANLkTimQ5x-v+Mz_OHrNDdtVd94E+HOBWwo3_f1ktEeg@mail.gmail.com> <AANLkTinw7CpY9d1pW0dEtY9kTLoY6dwoUcXHkLbK7b_q@mail.gmail.com> <AANLkTik4sgV17C_LL9AoJSk0kudk6jDb2N-icZ+DmneX@mail.gmail.com>
Date: Thu, 07 Oct 2010 17:42:10 +1100
Message-ID: <AANLkTimpEeOd0dzkLLvrHbyiykZxYHMCxHiSjzSRxC_d@mail.gmail.com>
From: Greg Wilkins <gregw@webtide.com>
To: Hybi <hybi@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [hybi] A WebSocket handshake
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Oct 2010 06:41:11 -0000

On 7 October 2010 16:23, Adam Barth <ietf@adambarth.com> wrote:
> On Wed, Oct 6, 2010 at 7:33 PM, Greg Wilkins <gregw@webtide.com> wrote:
>> On 6 October 2010 09:15, Adam Barth <ietf@adambarth.com> wrote:
>>> == Strawmen ==
>>> If  the attacker can host an htaccess file at any location a target HTTP server,
>>
>> This is indeed a strawman.
> Hence the title.  :)

You do know what a strawman is right?

   http://en.wikipedia.org/wiki/Straw_man

Strawmen have no place in a reasoned discussion.



> That's not correct.  As cited in the paper, there are many folks who
> will virtually host my PHP scripts with other customers.  The security
> architecture of the web makes that safe.  Resources are allocated by
> origin.

Exactly - the security architecture of the web makes that safe.
No cookies or credentials for goodguy.somehost.com/secret/ are going
to be sent to
evilgenius.somehost.com/attack.

Also hosting PHP is not sufficient to be able to accept a websocket handshake.
It must be able to send a 101 response and then generate a valid ping
message (or the
correct random bytes in the -02 draft).

You are only revealing vulnerabilities in a strawman server that
you've hypothesised to be vulnerable.



>>> === Handshake Request ===
> That's factually inaccurate.  The URL and subprotocol information is
> included in the initial encrypted.

I'm sorry - I was confused by your statement that "The attacker cannot
influence
any of the bytes included in the message".   Your proposal read like
this information was
sent in a subsequent request.

So an attacker can influence the bytes in the handshake.

> No.
> [...]
> Fortunately, this handshake does not punish correctly implemented
> intermediaries.

Care to explain?

You say that an intermediary that understands CONNECT will route to a
non-existent domain.
How will such an intermediary be able to work with websocket?



> The attacker in our threat model is not allowed to provide a proxy
> autoconfig file.

again - probably true... but I'd like to see the detailed anaysis as
to why that is so.



> Given that you didn't understand how this handshake works,
> I'd encourage you to reconsider your position.

I did misunderstand your statement that the attacker cannot influence
any of the bytes included in the handshake, but have now reread the
proposal and think that I've got the nuts of it.

There are basically two elements to it, that I actually should be
considered separately and as incremental proposal to the current
draft.

1) Encrypt the user/attacker supplied data.    There may be some merit
in this, but it can be equally applied to the upgrade approach as it
can to a CONNECT approach.   But you analysis of the threat is based
on a strawman and I do not believe that you have substantiated any
significant vulnerability where a URL or field value of a HTTP request
may be interpreted as content in another protocol - that is not
already vulnerable to HTTP clients.  Without an real threat, I do not
believe that encryption is worth while.

2) Use of CONNECT rather than upgrade.  Again, there is some merit in
considering this, but I believe it has been discussed before and
eventually rejected.  There is the issue that an intermediary that
correctly implements CONNECT will not pass such a hand shake.  If that
concern can be addressed, and if we can do some real world testing of
how CONNECT performs, then maybe it is a candidate.


regards

v2.23.0 | Report a Bug | By Email