Re: [hybi] Masking only Payload/Extension Data
Willy Tarreau <w@1wt.eu> Wed, 09 March 2011 21:41 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B66EB3A6A79 for <hybi@core3.amsl.com>; Wed, 9 Mar 2011 13:41:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k9mHn4+btWCx for <hybi@core3.amsl.com>; Wed, 9 Mar 2011 13:41:01 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 900E63A6778 for <hybi@ietf.org>; Wed, 9 Mar 2011 13:41:00 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p29LgC4G029538; Wed, 9 Mar 2011 22:42:12 +0100
Date: Wed, 09 Mar 2011 22:42:12 +0100
From: Willy Tarreau <w@1wt.eu>
To: "Pat McManus @Mozilla" <mcmanus@ducksong.com>
Message-ID: <20110309214212.GA29190@1wt.eu>
References: <4D77B885.5050109@callenish.com> <OF36FEDDC6.06951577-ON8825784E.0062343E-8825784E.0066AC27@playstation.sony.com> <AANLkTinau4g1pB_ccJ31u7WRi5npYtHvXE5YRn5uTbeV@mail.gmail.com> <AANLkTikB4YeaYiF_NVGn61c1YxpNWbmEWQZu1WcN+=Jf@mail.gmail.com> <1299704939.2606.238.camel@ds9.ducksong.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1299704939.2606.238.camel@ds9.ducksong.com>
User-Agent: Mutt/1.4.2.3i
Cc: Hybi <hybi@ietf.org>, Yutaka_Takeda@playstation.sony.com
Subject: Re: [hybi] Masking only Payload/Extension Data
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2011 21:41:01 -0000
On Wed, Mar 09, 2011 at 04:08:59PM -0500, Pat McManus @Mozilla wrote: > On Thu, 2011-03-10 at 07:33 +1100, Greg Wilkins wrote: > > > > > So I think masking is a perfect exemplar for the use of a reserve bit. > > It is completely redundant information for any websocket implementation. > > as for wireshark - it gives one more input into a pile of heuristics > that it already has to use given the lack of a binding between > websockets and tcp frames. Frankly, I don't see what is so hard about > guessing whether or not masking is in play without the bit - especially > with the asymmetric framing. > > And no matter what you do, anything that has thrown away the TCP state > will be flat out guessing anyhow. The trivial case is a websocket > payload which is also valid websocket frame with the payload arranged at > the start of the TCP packet payload. As someone playing all the day with network captures, I totally agree with you on this point. There is no relation between individually captured network packets and streamed contents if you don't have them from the start. Some framed protocols such as HTTP which have massive amounts of headers have their framings more easy to spot, but we managed to make something very cheap network-wise with WS and I suspect that the framing will be indiscernable from binary contents. However, I agree with most of Greg's pros/cons, especially with the one about the protocol design. Having a protocol whose upper layer changes the lower layer framing is really hard to extend, and having two versions of each decoding function in intermediaries is needlessly expensive to maintain. I'd be much more happy with a protocol where something in the framing or handshake indicates that the payload is masked and where the frames are transported in native form. I also like the analogy with HTTP BTW. It is possible (and common) to chunk-encode the transfer of gzipped-encoded contents. When doing so, the HTTP headers are clear-text, the transfer encoding is clear, and the gzipped contents are inserted in chunks. Fortunately we don't gzip the chunk size nor the header, nor do we chunk-encode the headers, otherwise it would become a terrible mess. So +1 from me for mask in the payload with an indication either in the handshake or using a reserved bit, but for considerations of protocol design and longterm extensivity, not just for basic asumptions about what a sniffer could decode in randomly captured packets. Regards, Willy
- [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Yutaka_Takeda
- Re: [hybi] Masking only Payload/Extension Data Pat McManus @Mozilla
- Re: [hybi] Masking only Payload/Extension Data Willy Tarreau
- Re: [hybi] Masking only Payload/Extension Data Joel Martin
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Willy Tarreau
- Re: [hybi] Masking only Payload/Extension Data Joel Martin
- Re: [hybi] Masking only Payload/Extension Data Adam Barth
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Ian Fette (イアンフェッティ)
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Pat McManus @Mozilla
- Re: [hybi] Masking only Payload/Extension Data Andy Green
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Patrick McManus
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data Julian Reschke
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Bruce Atherton
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data David Endicott
- Re: [hybi] Masking only Payload/Extension Data Brian
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Greg Wilkins
- Re: [hybi] Masking only Payload/Extension Data John Tamplin
- Re: [hybi] Masking only Payload/Extension Data Salvatore Loreto