Re: [hybi] workability (or otherwise) of HTTP upgrade

Zhong Yu <zhong.j.yu@gmail.com> Thu, 09 December 2010 19:15 UTC

From: Zhong Yu <zhong.j.yu@gmail.com>
To: SM <sm@resistor.net>
Cc: hybi HTTP <hybi@ietf.org>

On Thu, Dec 9, 2010 at 3:51 AM, SM <sm@resistor.net> wrote:
> Hi Zhong Yu,
> At 22:54 08-12-10, Zhong Yu wrote:
>>
>> WS clients should relax the rules of certificate validation. Don't
>> panic on self-signed certificates like current browsers do which
>> doesn't make any sense. If WSS with self-signed certificates are not
>> treated more badly than plain WS, frugal application developers don't
>> need to spend any money to use WSS for the purpose of improving
>> success rate. WS server can even automate self-signed certificate so
>> that developers don't need to spend much time either.
>
> See http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-11

Thanks. In section 1.1 Motivation
"In general, a client needs to verify that the server's presented
identity matches its reference identity so it can be sure that the
certificate can legitimately be used to authenticate the connection."

That doesn't necessarily apply here. We don't require that WS
connections are authenticated. Client can already talk to server in
plain text on unsecured connection. There is no error, no warning. Now
if the connection is encrypted with self-signed certificate, security
is not weakened, so why should client panic and raise the most scary
alarm to user?

One may argue that the semantics of HTTPS requires that server id be
verified. When client makes an HTTPS connection and cannot verify
server id, it is *required* to panic. That makes sense.

We can also imagine an HTTPE protocol, where only encryption is
required, server id verification is optional. This protocol would also
be tremendously useful. It's a shame it doesn't exist, and low budget
web apps are forced to do without encryption.

Since we are designing a new protocol, it's not set in stone yet that
WSS must verify server id. I recommend that WS API allows developers
to turn it off.

  var socket = new WebSocket('wss://example.com');
  socket.allowSelfSignedCertificate();

This is not an API issue only. When we discuss connectivity issues of
WS connections, it's important to know the cost of using TLS to
developers.

When WS client displays connection security property to user, it
certainly shouldn't display such connections as secure as
authenticated connection. On the other hand, it certainly shouldn't
display it as less trustworthy than plaintext connection either.

- Zhong


> I suggest using the certid mailing list (
> https://www.ietf.org/mailman/listinfo/certid ) for any follow up.
>
> Regards,
> -sm
>
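
The distinction this message draws between encryption and server-identity verification, as an added example that is not part of the original email or of any WebSocket API: a conservative DNS-ID comparison in the spirit of the cited server-id-check draft, feeding the three display states the message argues for. The function names, the connection record shape and the sample values are constructed assumptions.

```javascript
// Added illustration; every name here is hypothetical.
// Conservative DNS-ID comparison: case-insensitive, and "*" is honoured only
// as the entire left-most label, standing for exactly one label.
function matchesDnsId(referenceId, presentedId) {
  const ref = referenceId.toLowerCase().replace(/\.$/, '').split('.');
  const pres = presentedId.toLowerCase().replace(/\.$/, '').split('.');
  if (ref.length !== pres.length) return false;
  // A reference identity is a concrete host name: no empty labels, no "*".
  if (ref.some((l) => l === '' || l.includes('*'))) return false;
  return pres.every((label, i) => {
    // Require at least three labels so "*.com" never matches (assumed policy).
    if (label === '*') return i === 0 && pres.length >= 3;
    return !label.includes('*') && label === ref[i];
  });
}

// conn: { scheme, host, cert: { dnsNames: [...], chainTrusted: bool } | null }
// 'encrypted-unauthenticated' resists passive eavesdropping only; the peer's
// identity is unknown, so it is never reported as 'authenticated'.
function classifyConnection(conn) {
  if (conn.scheme === 'ws') return 'plaintext';
  if (conn.scheme !== 'wss' || !conn.cert) {
    throw new Error('unsupported or incomplete connection record');
  }
  const identityOk = conn.cert.chainTrusted &&
    conn.cert.dnsNames.some((name) => matchesDnsId(conn.host, name));
  return identityOk ? 'authenticated' : 'encrypted-unauthenticated';
}

// Display ordering argued for in the message: the middle state ranks below
// an authenticated connection and not below plaintext.
const DISPLAY_RANK = ['plaintext', 'encrypted-unauthenticated', 'authenticated'];

// Constructed sample connection records.
const samples = [
  { scheme: 'ws', host: 'example.com', cert: null },
  { scheme: 'wss', host: 'example.com',
    cert: { dnsNames: ['example.com'], chainTrusted: false } }, // self-signed
  { scheme: 'wss', host: 'chat.example.com',
    cert: { dnsNames: ['*.example.com'], chainTrusted: true } },
  { scheme: 'wss', host: 'example.com',
    cert: { dnsNames: ['other.example'], chainTrusted: true } }, // wrong name
];
for (const s of samples) {
  const state = classifyConnection(s);
  console.log(`${s.scheme}://${s.host}`, state, DISPLAY_RANK.indexOf(state));
}
```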