Re: [hybi] requirement draft as wg item
Maciej Stachowiak <mjs@apple.com> Thu, 13 May 2010 07:05 UTC
From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 13 May 2010 00:04:50 -0700
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
Cc: "hybi@ietf.org" <hybi@ietf.org>
On May 12, 2010, at 12:00 AM, Thomson, Martin wrote:

> Reading through this, it would be easier to maintain if the requirements were numbered separately by section:
>
> E.g. C1, C2 for client, S1, S2, S3 for server, X1, X2 for security.

Sounds like a good change. Does anyone object?

> Regarding the following security requirement:
>
> REQ. 17: The WebSocket Protocol MUST use the Origin-based security
> model commonly used by Web browsers to restrict which Web pages
> can contact a WebSocket server when the WebSocket protocol is used
> from a Web page.
>
> It seems that _using_ this model is not what the protocol does. "Supporting" might be a better choice. The attacks that are foiled by the same model are foiled by the browser and its security policy, not the protocol. Same comment for the next requirement.

Instead of "use" or "support" I think the right verb phrase would be "MUST work with" or "MUST be compatible with". It's a matter of fitting into the model. It's not clear what it means to use or support it.

> I'm still not satisfied by the discussion on protocol mimicry. That needs a much longer explanation than the one given. Also, this:
>
> REQ. 19: WebSocket should be designed to be robust against cross-
> protocol attacks. The protocol design should consider and
> mitigate the risk presented by WebSocket clients to existing
> servers (including HTTP servers). It should also consider and
> mitigate the risk to WebSocket servers presented by clients for
> other protocols (including HTTP).
>
> Could be more simply worded as two requirements:
>
> REQ X-. An HTTP request MUST be difficult for a WebSocket server to mistake for a WebSocket handshake.
>
> With much more explanation. A simple scenario (as Ian provided me recently) would go a long way. Similarly:
>
> REQ X-. A WebSocket handshake MUST be difficult for an HTTP server to mistake for a valid HTTP request.
>
> ...with a similar degree of justification.

(Random thought: requiring Content-Length: 0 might be a price worth paying here.)

Splitting it into two requirements is reasonable, but I think something more like the original wording will be easier for security reviewers to understand.

Regards,
Maciej
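As an added illustration of the two cross-protocol requirements and the Origin model discussed in this message (example code written for this page, not from the thread, the requirements draft, or any WebSocket implementation), here is a server-side classifier that decides whether an incoming request head is a WebSocket opening handshake from an allowed page or must be treated as something else. It uses the handshake fields that RFC 6455 later standardized (this 2010 discussion predates them); the sample requests and the allowed-origin set are constructed.

```python
import base64
import hashlib
# GUID that RFC 6455 fixes for deriving Sec-WebSocket-Accept from the key.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
# Constructed samples: a handshake from an allowed page, the same handshake
# from a foreign page, and an ordinary HTTP GET for the same path.
GOOD_HANDSHAKE = (b"GET /chat HTTP/1.1\r\nHost: server.example.com\r\n"
                  b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
                  b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                  b"Origin: http://example.com\r\nSec-WebSocket-Version: 13\r\n\r\n")
FOREIGN_ORIGIN = GOOD_HANDSHAKE.replace(b"http://example.com", b"http://evil.example")
PLAIN_HTTP = b"GET /chat HTTP/1.1\r\nHost: server.example.com\r\nOrigin: http://example.com\r\n\r\n"

def parse_request_head(raw):
    """(method, target, version, headers); a repeated header maps to None."""
    lines = raw.partition(b"\r\n\r\n")[0].decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers[name] = None if name in headers else value.strip()
    return method, target, version, headers

def classify_handshake(raw, allowed_origins):
    """('websocket', accept) for a well-formed handshake from an allowed Origin,
    else ('reject', reason). Checks are strict so a plain HTTP request never passes."""
    try:
        method, _target, version, h = parse_request_head(raw)
    except (UnicodeDecodeError, ValueError):
        return "reject", "malformed request line"
    if method != "GET" or version != "HTTP/1.1":
        return "reject", "not a GET over HTTP/1.1"
    if (h.get("upgrade") or "").lower() != "websocket":
        return "reject", "missing Upgrade: websocket"
    if "upgrade" not in [t.strip().lower() for t in (h.get("connection") or "").split(",")]:
        return "reject", "Connection does not request upgrade"
    key = h.get("sec-websocket-key") or ""
    try:
        nonce = base64.b64decode(key, validate=True)
    except ValueError:
        nonce = b""
    if len(nonce) != 16:
        return "reject", "Sec-WebSocket-Key is not a base64 16-byte nonce"
    # Origin model: the browser states the page's Origin; the server decides.
    if h.get("origin") not in allowed_origins:
        return "reject", "Origin not allowed"
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return "websocket", base64.b64encode(digest).decode("ascii")
```

A request that fails any check should be answered as ordinary HTTP (or closed), never upgraded; a duplicated Origin header is treated as absent rather than taking the first value.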