Re: [hybi] CONNECT handshake text

Dave Cridland <dave@cridland.net> Tue, 07 December 2010 22:20 UTC

Return-Path: <dave@cridland.net>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EABA3A68CF for <hybi@core3.amsl.com>; Tue, 7 Dec 2010 14:20:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.424
X-Spam-Level:
X-Spam-Status: No, score=-2.424 tagged_above=-999 required=5 tests=[AWL=-0.125, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e-2d9LgglCKX for <hybi@core3.amsl.com>; Tue, 7 Dec 2010 14:20:46 -0800 (PST)
Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [IPv6:2001:470:1f09:882:2e0:81ff:fe29:d16a]) by core3.amsl.com (Postfix) with ESMTP id 0ADE03A67FF for <hybi@ietf.org>; Tue, 7 Dec 2010 14:20:45 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id 0792E116810F; Tue, 7 Dec 2010 22:22:11 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net
Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QeHxFSTUmskN; Tue, 7 Dec 2010 22:22:07 +0000 (GMT)
Received: from puncture (puncture.dave.cridland.net [IPv6:2001:470:1f09:882:221:85ff:fe3f:1696]) by peirce.dave.cridland.net (Postfix) with ESMTPA id 9F71A11680FB; Tue, 7 Dec 2010 22:22:06 +0000 (GMT)
References: <AANLkTinEXHBeaUPo4gK2CHbq7ZHYnY2PE3Vb+Oi+K1NM@mail.gmail.com> <AANLkTimgrC2nehYE=Dnt11naKRY55nMzn=zTmzx+AYpH@mail.gmail.com> <AANLkTik4QUxMVTt=NTMq-Wo7GhOX3ie=eHQRMHZ8fEqd@mail.gmail.com> <3605.1291755163.097386@puncture> <AANLkTikhKXCfz45biGOzcNhvvo2zam6omwX-3cSdZNAO@mail.gmail.com> <3605.1291758134.294883@puncture> <AANLkTi=_gRn2C9rzYmEkxqrToCnfFWHbeMEM5W=HsZd8@mail.gmail.com>
In-Reply-To: <AANLkTi=_gRn2C9rzYmEkxqrToCnfFWHbeMEM5W=HsZd8@mail.gmail.com>
MIME-Version: 1.0
Message-Id: <3605.1291760526.624064@puncture>
Date: Tue, 07 Dec 2010 22:22:06 +0000
From: Dave Cridland <dave@cridland.net>
To: John Tamplin <jat@google.com>, "Ian Fette (イアンフェッティ)" <ifette@google.com>, Server-Initiated HTTP <hybi@ietf.org>, Greg Wilkins <gregw@webtide.com>
Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed"
Subject: Re: [hybi] CONNECT handshake text
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Dec 2010 22:20:47 -0000

On Tue Dec  7 21:52:35 2010, John Tamplin wrote:
> On Tue, Dec 7, 2010 at 4:42 PM, Dave Cridland <dave@cridland.net> wrote:
> > C->S [Upgrade]
> > S->C [101]
> > C->S [Pseudo-CONNECT]
> 
> I assume the server has to receive the Pseudo-CONNECT before it can
> send user frames, right?  So, I would argue that this adds "half" a
> round trip.
> 
> Also, we have discussed Hello frames to verify that the connection is
> up and that we can exchange WebSocket frames -- it seems like it would
> be safe to send a S->C hello immediately after the 101 response (as it
> would contain no attacker-controlled bytes).  It doesn't verify that
> the Pseudo-CONNECT was correctly processed, but you can't get that
> without adding another round trip.

Right, I think you can keep it to one round-trip, since the CONNECT  
only has to occur prior to C->S frames, not be received prior to S->C  
frames.

But also, the "Am I talking to a websocket-aware server" is  
controlled by the response to the upgrade, the CONNECT itself is  
really only there to minimize the risk of the attacks described in  
Adam's paper, it's no longer serving double-duty as the primary  
websocket handshake.

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
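To make the ordering argument in the thread concrete, here is an added example (not code from the original mail, and not text from any hybi draft) of a server-side state machine for the sequence C->S [Upgrade], S->C [101], C->S [Pseudo-CONNECT]. It encodes the two rules discussed above: the server may send its 101 and a Hello frame straight away, because those carry no attacker-controlled bytes, but it must not accept any client data frame until the Pseudo-CONNECT has arrived. The message kinds, the `Msg` record and the `ServerSide` class are assumptions made for this illustration; the real wire format of the Pseudo-CONNECT is not defined here.

```python
"""Server-side ordering check for the Upgrade / 101 / Pseudo-CONNECT exchange.

Added illustration; the message shapes and class names are assumptions,
not anything from the hybi drafts.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    direction: str  # "C->S" or "S->C"
    kind: str       # "Upgrade", "101", "Hello", "Pseudo-CONNECT", "Frame"
    payload: str = ""


class ServerSide:
    """Tracks what the server may accept from, and send to, the client.

    States:
      AWAIT_UPGRADE  nothing received yet
      AWAIT_CONNECT  101 (and Hello) sent; waiting for Pseudo-CONNECT
      OPEN           client data frames are now acceptable
      CLOSED         an out-of-order client message was seen
    """

    def __init__(self) -> None:
        self.state = "AWAIT_UPGRADE"
        self.sent: list[Msg] = []       # S->C messages, in order
        self.accepted: list[Msg] = []   # client data frames delivered to the app
        self.errors: list[str] = []

    def on_client(self, msg: Msg) -> bool:
        """Process one C->S message; return True if it was legal in this state."""
        if msg.direction != "C->S":
            raise ValueError("on_client only takes C->S messages")

        if msg.kind == "Upgrade" and self.state == "AWAIT_UPGRADE":
            # The 101 answers "am I talking to a websocket-aware server".
            self.sent.append(Msg("S->C", "101"))
            # Hello right after 101 is safe: the server controls every byte,
            # so there is nothing for a cross-protocol attacker to smuggle.
            self.sent.append(Msg("S->C", "Hello"))
            self.state = "AWAIT_CONNECT"
            return True

        if msg.kind == "Pseudo-CONNECT" and self.state == "AWAIT_CONNECT":
            # Only now may client-originated frames be trusted.
            self.state = "OPEN"
            return True

        if msg.kind == "Frame" and self.state == "OPEN":
            self.accepted.append(msg)
            return True

        # Anything else (a Frame before the Pseudo-CONNECT, a second Upgrade,
        # a Frame after close) is a protocol violation; drop the connection.
        self.errors.append(f"{msg.kind} not allowed in state {self.state}")
        self.state = "CLOSED"
        return False


def run_exchange(client_msgs: list[Msg]) -> ServerSide:
    """Feed a scripted sequence of C->S messages to a fresh server."""
    srv = ServerSide()
    for m in client_msgs:
        if not srv.on_client(m):
            break
    return srv


# Constructed scripts: the ordering from the thread, and a client that
# tries to send a data frame before its Pseudo-CONNECT.
GOOD_SCRIPT = [
    Msg("C->S", "Upgrade", "GET /chat HTTP/1.1"),
    Msg("C->S", "Pseudo-CONNECT", "CONNECT example.test:80"),
    Msg("C->S", "Frame", "hello from client"),
]
EARLY_FRAME_SCRIPT = [
    Msg("C->S", "Upgrade", "GET /chat HTTP/1.1"),
    Msg("C->S", "Frame", "sent before Pseudo-CONNECT"),
    Msg("C->S", "Pseudo-CONNECT", "CONNECT example.test:80"),
]


if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("early-frame", EARLY_FRAME_SCRIPT)):
        srv = run_exchange(script)
        print(name, srv.state, [m.kind for m in srv.sent], srv.errors)
```

Running the two scripts shows the point of the thread: in the good case the server has already emitted 101 and Hello before the Pseudo-CONNECT arrives, so S->C traffic costs no extra round trip, while the early-frame client is closed because its data frame reached the server before the Pseudo-CONNECT did.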