IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Adam Barth <ietf@adambarth.com> Fri, 01 October 2010 02:35 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB36D3A6D4C for <hybi@core3.amsl.com>; Thu, 30 Sep 2010 19:35:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[AWL=-0.032, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uo5Hjmhll61j for <hybi@core3.amsl.com>; Thu, 30 Sep 2010 19:35:49 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by core3.amsl.com (Postfix) with ESMTP id 57A193A6D1D for <hybi@ietf.org>; Thu, 30 Sep 2010 19:35:46 -0700 (PDT)
Received: by qwc9 with SMTP id 9so1382110qwc.31 for <hybi@ietf.org>; Thu, 30 Sep 2010 19:36:33 -0700 (PDT)
Received: by 10.229.84.139 with SMTP id j11mr3394462qcl.98.1285900593086; Thu, 30 Sep 2010 19:36:33 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id r38sm671957qcs.26.2010.09.30.19.36.31 (version=SSLv3 cipher=RC4-MD5); Thu, 30 Sep 2010 19:36:31 -0700 (PDT)
Received: by iwn3 with SMTP id 3so3884082iwn.31 for <hybi@ietf.org>; Thu, 30 Sep 2010 19:36:30 -0700 (PDT)
Received: by 10.231.190.149 with SMTP id di21mr4816960ibb.166.1285900590621; Thu, 30 Sep 2010 19:36:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.149.20 with HTTP; Thu, 30 Sep 2010 19:36:00 -0700 (PDT)
In-Reply-To: <4CA53E6B.1040808@caucho.com>
References: <AANLkTikszM0pVE-0dpZ2kv=i=y5yzS2ekeyZxtz9N=fQ@mail.gmail.com> <AANLkTikKc+4q_Q1+9uDo=ZpFF6S49i6vj2agZOGWVqKm@mail.gmail.com> <E2D38FF3-F1B9-4305-A7FC-A9690D2AEB4A@apple.com> <AANLkTikRYB_suPmSdH3uzGmdynozECRszDx+BpUvtZ4h@mail.gmail.com> <5CBF797D-A58E-4129-96B3-164F6E7409B9@apple.com> <4CA0D0D2.4040006@caucho.com> <AANLkTinACqm-GxUPhvFMf6_sGfeJofwy1r=28o=vgM43@mail.gmail.com> <4CA12810.8020006@caucho.com> <AANLkTimrMfXrnVMjU3f57L_sO7usyYQ56rBM4aMb2Pfr@mail.gmail.com> <20100928052501.GD12373@1wt.eu> <CA8029B0-71A3-44ED-88C6-934FE833BBA2@apple.com> <AANLkTim+fXj-h6OS3OdcfVfh3Q1UwxD8NLVawb=AWHX+@mail.gmail.com> <4FAC5C93-9BDF-4752-AFBC-162D718397AB@apple.com> <AANLkTikcH1W3bQwumqHbe-Yqa3XdoJqCa2b-mZuvoQ7g@mail.gmail.com> <9746E847-DC8B-45A7-ADF3-2ADB9DA7F82E@apple.com> <AANLkTik9igUwoxVrktoBoZrPoUW=Tjh7HyVbGJgQYes-@mail.gmail.com> <9F595226-FA0A-4C38-A6D0-0F4214BD7D21@apple.com> <4CA4BE10.1010709@caucho.com> <AANLkTi=wKFnNOuM+U3fktAFRn3R5OZ7c6PR2W3EAy7tm@mail.gmail.com> <4CA53E6B.1040808@caucho.com>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 30 Sep 2010 19:36:00 -0700
Message-ID: <AANLkTikOyvF5AHTf4sDD=rWmK2FTD6R6LaHa4KTqkbcm@mail.gmail.com>
To: Scott Ferguson <ferg@caucho.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Oct 2010 02:35:52 -0000

On Thu, Sep 30, 2010 at 6:50 PM, Scott Ferguson <ferg@caucho.com> wrote:
> To repeat the key pieces:
>  a) c-nonce must not be available to or predictable by the hijacker
>  b) "WebSocket" is not possessed by a non-websocket server

You're making a bunch of assumptions about how non-websocket servers
behave.  In particular, consider a protocol like DNS.  It's entirely
possible that a DNS-like protocol could relay the c-nonce to the
attacker and give the attacker an opportunity to response with the
appropriate hash, which the server would then relay to the client.
Attacks of this general class (even against DNS) are known for HTTP.

The security of this protocol relies on more assumptions than you've
listed in your message.  Reasoning about security here is very subtle,
especially when reasoning about the behavior of non-WebSocket servers.
 We need to be prepared for them to do a wide variety of things.

As a side note, using an exotic HTTP method is not a good idea.  The
first few bytes of the clients initial message are absolutely
critical.  Picking an exotic HTTP method is just rolling the dice
w.r.t. what protocols an attacker can exploit.  For example, some
attacks from HTTP to DNS rely critically on the fact that the first
byte of an HTTP POST message is an uppercase P.  The kinds of things
you can do with an uppercase W as the first byte are largely
unstudied.

Adam

v2.23.0 | Report a Bug | By Email