Re: [hybi] Handshake was: The WebSocket protocol issues.

Greg Wilkins <gregw@webtide.com> Sat, 09 October 2010 08:17 UTC


On 9 October 2010 11:43, Adam Barth <ietf@adambarth.com> wrote:
> I don't know why you think that's so hard to set the response status.
> There's a PHP function that does exactly that:

Interesting - I tested it with apache2 and it does allow 1xx
responses, even though they are not actually legal HTTP, especially to
send 1xx responses with message bodies.

But that's why we have defence in depth.

I tried to spoof the content-length, but apache corrected the wrong
value so that all the content the php script provided was sent as the
body of the 101 response.

Also my attempts to send a null character resulted in 501 Method Not
Implemented responses and a closed connection.


>  We should just use that instead of crossing our fingers and hoping for the best.

Your attitude that you are the only one here that cares about security
is getting rather tiresome.