Re: [hybi] -09: security considerations

Ian Fette (イアンフェッティ) <ifette@google.com> Fri, 17 June 2011 16:56 UTC

In-Reply-To: <4DFB8571.4090802@stpeter.im>
References: <4DFB8571.4090802@stpeter.im>
Date: Fri, 17 Jun 2011 09:55:42 -0700
Message-ID: <BANLkTinuHWwwbXs8b+K9=vN+M=2ZDyy0CQ@mail.gmail.com>
From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] -09: security considerations

I would hope that the discussions don't need to be so long. The security
model is based on that of HTTP. Whatever HTTP gives you WS gives you,
whatever HTTPS gives you WSS gives you. WS is at its core a less hacky, more
performant version of what people are already doing today in JavaScript;
it's not some totally new concept.

-Ian

On Fri, Jun 17, 2011 at 9:48 AM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> First, I am not a member of the security mafia.
>
> However, the security considerations section seems incomplete to me. I
> suggest that the author and WG spend some quality time with RFC 3552
> (and with other RFCs that have good discussions of security) to make
> this section more robust and complete.
>
> Questions to ask and answer include (but are not limited to):
>
> 1. What is the threat model against the architecture assumed in this
> document? (And to answer that question, it would help to more clearly
> explain the architecture.)
>
> 2. How will the protocol address confidentiality?
>
> 3. How will the protocol address data integrity?
>
> 4. How will the protocol address peer entity authentication?
>
> 5. How does the protocol ensure strong security (RFC 3365)?
>
> 6. If certificates are to be used, how are they handled (RFC 6125 and
> RFC 2818)?
>
> 7. What are the mandatory-to-implement TLS ciphersuites?
>
> 8. What are the security considerations related to technologies that are
> reused in WebSocket (e.g., Base 64 and UTF-8)?
>
> 9. What information leaks are possible?
>
> 10. What denial of service attacks (RFC 4732) are possible and what
> measures can be taken to prevent those attacks?
>
> 11. What is the relationship, if any, between the security of the
> WebSocket protocol and the security of HTTP? In what ways does this
> protocol build on HTTP from a security perspective, and in what ways
> does it need additional security mechanisms?
>
> I'm sure the reviewer from the IETF Security Directorate will come up
> with more questions than that, so we need to be prepared.
>
> A personal note: in revising RFC 3920 to produce RFC 6120, I put a great
> deal of thought and time into writing the security considerations
> section, which ended up being 20 pages long. That might be longer than
> necessary here, but I think 2 pages is a bit shy of what we need.
>
> Peter
>
> --
> Peter Saint-Andre
> https://stpeter.im/