Re: [hybi] Experiment comparing Upgrade and CONNECT handshakes

Maciej Stachowiak <mjs@apple.com> Wed, 01 December 2010 02:57 UTC

Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45AD13A6CD0 for <hybi@core3.amsl.com>; Tue, 30 Nov 2010 18:57:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.732
X-Spam-Level:
X-Spam-Status: No, score=-106.732 tagged_above=-999 required=5 tests=[AWL=-0.133, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ETKCXng4-1fY for <hybi@core3.amsl.com>; Tue, 30 Nov 2010 18:57:01 -0800 (PST)
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22]) by core3.amsl.com (Postfix) with ESMTP id 417683A6CCE for <hybi@ietf.org>; Tue, 30 Nov 2010 18:57:01 -0800 (PST)
Received: from relay14.apple.com (relay14.apple.com [17.128.113.52]) by mail-out3.apple.com (Postfix) with ESMTP id 13929BC056DA for <hybi@ietf.org>; Tue, 30 Nov 2010 18:58:14 -0800 (PST)
X-AuditID: 11807134-b7c8bae0000031f0-9c-4cf5b9c5671f
Received: from gertie.apple.com (gertie.apple.com [17.151.62.15]) by relay14.apple.com (Apple SCV relay) with SMTP id 3D.26.12784.5C9B5FC4; Tue, 30 Nov 2010 18:58:14 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from [17.73.147.175] by gertie.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0LCQ00HMHAWXPX30@gertie.apple.com> for hybi@ietf.org; Tue, 30 Nov 2010 18:58:13 -0800 (PST)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <BB31C4AB95A70042A256109D46199126057903CE@XCH117CNC.rim.net>
Date: Tue, 30 Nov 2010 18:58:08 -0800
Message-id: <73686A90-4ADD-47B7-A7AB-1DC342EFD652@apple.com>
References: <AANLkTim_8g-Cb01si00EkvCK5BtXUx3zHsUee1F6JqsD@mail.gmail.com> <AANLkTimSu1fOGCg0gqX2EFh4v-MkpZuY_-onm3+TO_Z0@mail.gmail.com> <AANLkTimYpdp-75BQSmhAUfyrQv19LvzF1ouznst+ANUG@mail.gmail.com> <AANLkTikbycTS51Ein9ybbZ52zcrViFCNBjCmpRGD3yCk@mail.gmail.com> <AANLkTim=_Ey_7tSJ0H8OKzip-UcwtJ=YMG5wf_f_qnty@mail.gmail.com> <20101127071644.GB26428@1wt.eu> <AANLkTi=Rqu-hm=Jy-GFf706smD8zEHbeD-oP7dNCN6Ro@mail.gmail.com> <20101127161638.GE26428@1wt.eu> <AANLkTi=snwcb8F89KjpD8tQUYSSBr6YF1OdaGgr1e9Xa@mail.gmail.com> <AANLkTi=2M1ubEgR44PL7JpydkaZaOwwimuvhJq=E30+A@mail.gmail.com> <4CF1EFF9.7040803@caucho.com> <AANLkTimotYL70P3Rqwz3uFbf=G3JERkUJqqdEhU6eMEb@mail.gmail.com> <4CF3E676.8040001@caucho.com> <AANLkTimn92qXDa+7HNW79bSSHhEryH0kPCYYbkDsUZRZ@mail.gmail.com> <4CF3F563.3050808@caucho.com> <AANLkTimW3CP-B9TuXhtRYr051eExkMgZPT_Rm7XMp8NK@mail.gmail.com> <AANLkTimgs8Sw_Witxk+T4tx0_+vHiXdA=Hv6b1wQ4mey@mail.gmail.com> <BB31C4AB95A70042A256109D46199126057903CE@XCH117CNC.rim.net>
To: Joe Mason <jmason@rim.com>
X-Mailer: Apple Mail (2.1082)
X-Brightmail-Tracker: AAAAAA==
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Experiment comparing Upgrade and CONNECT handshakes
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Dec 2010 02:57:02 -0000

On Nov 30, 2010, at 4:16 PM, Joe Mason wrote:

>> -----Original Message-----
>> From: hybi-bounces@ietf.org [mailto:hybi-bounces@ietf.org] On Behalf Of
>> Adam Barth
>> Sent: Tuesday, November 30, 2010 6:27 PM
>> To: Brian
>> Cc: Hybi
>> Subject: Re: [hybi] Experiment comparing Upgrade and CONNECT handshakes
>> 
>> That's the most up-to-date version.
>> 
>> Adam
>> 
>> 
>> On Tue, Nov 30, 2010 at 3:03 PM, Brian <theturtle32@gmail.com> wrote:
>>> Adam, since it's been a while and I've lost the link to the new
>>> handshake proposal, can you verify for me (and others) that this is
>>> the most up-to-date version that I should be reading?
>>> 
>>> http://tools.ietf.org/html/draft-abarth-websocket-handshake-01
> 
> I noticed that version uses XOR for masking, while your paper mentioned using AES.  Are you planning to update this proposal to use AES as well?  (Also, now that I've read the thing, here's another vote for rewriting it in declarative style.)

The syntax can perhaps be described declaratively, but some parts will likely have to remain algorithmic. There are specific computations to be done with the fields and particular must-reject conditions which are essential to the security of the handshake. Computing the values of certain fields in the syntax also needs to be done in a particular way, for instance the fact that the client-nonce is to be chosen uniformly at random each time is important, and not really captured by ABNF.

Regards,
Maciej