IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Willy Tarreau <w@1wt.eu> Mon, 11 October 2010 21:11 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2B7593A6B8E for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 14:11:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.78
X-Spam-Level:
X-Spam-Status: No, score=-2.78 tagged_above=-999 required=5 tests=[AWL=-0.737, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s7uF0vBdK+rc for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 14:11:26 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 2EE503A6B86 for <hybi@ietf.org>; Mon, 11 Oct 2010 14:11:22 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o9BLCSkM017595; Mon, 11 Oct 2010 23:12:28 +0200
Date: Mon, 11 Oct 2010 23:12:28 +0200
From: Willy Tarreau <w@1wt.eu>
To: Ian Hickson <ian@hixie.ch>
Message-ID: <20101011211228.GE17225@1wt.eu>
References: <20101009055723.GL4712@1wt.eu> <AANLkTimY2DjxgZybibSRtc7L34Wns2KhQC=Wa9K6PYku@mail.gmail.com> <20101009204009.GP4712@1wt.eu> <AANLkTi=Az0RmE1Uipo068zMh3YzgMpM2tQ+zYxaDT47A@mail.gmail.com> <20101011053354.GA12672@1wt.eu> <4CB2D7BD.1070004@opera.com> <9B9FA451-5551-4434-8EC1-BAC834FB9A61@apple.com> <AANLkTimDc_aqRTtgRpMKhdhk6x+vPGyOPvU3A=6mK9S7@mail.gmail.com> <4CB3373C.5050507@opera.com> <Pine.LNX.4.64.1010112100560.8618@ps20323.dreamhostps.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.64.1010112100560.8618@ps20323.dreamhostps.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2010 21:11:31 -0000

Hi Ian,

On Mon, Oct 11, 2010 at 09:04:08PM +0000, Ian Hickson wrote:
> On Mon, 11 Oct 2010, James Graham wrote:
> > 
> > So there is an underlying issue here that I don't understand. It seems 
> > clear to me that Adam and Eric's proposed handshake has a better 
> > security story with regard to cross-protocol attacks than -75, -76, or 
> > any other proposal other than using NPN with TLS. However there seem to 
> > be a number of people who have problems with this proposed handshake to 
> > the extent that they are prepared to forgo the security properties in 
> > order to get something different. In general people seem to be aware 
> > that they are making the security weaker since the arguments are mostly 
> > about how different approaches will probably be good enough in practice 
> > even though they are theoretically inferior.
> > 
> > What I haven't followed is what the problems with the proposal actually 
> > are. I understand that I have likely missed these in other messages, but 
> > it would be helpful if people who believe that the proposed approach, or 
> > aspects of it, are unworkable could summarise the outstanding issues 
> > they see.
> 
> I would like to ask a similar question, but to the people proposing Adam 
> and Eric's latest proposed handshake. What real problem does it solve that 
> NPN with TLS doesn't solve? As you say, it is weaker than NPN with TLS, so 
> why not just go all the way?
> 
> This would have multiple advantages beyond just being more secure, for 
> example we could halve the number of schemes we're introducing, halve the 
> number of handshake implementations on both clients and servers, greatly 
> reduce the testing burden, etc.

And unfortunately prevent content analysis in schools, and be blocked by
default in many enterprises, and probably make virtual hosting impossible,
unless the target resource can be announced in the TLS setup, which I'm
not sure is possible with NPN.

In fact, I think that if the WS work was started, it was to get rid of the
mechanisms relying on long polling. And those mechanisms were invented
because only HTTP passes everywhere. If we propose something which is
not compatible with currently deployed HTTP infrastructures, we'll then
still keep the current mechanisms and have WS proposed as an Nth alternative
for some situations, which will definitely make the situation worse for the
user and for the developer.

That need of compatibility with already deployed HTTP infrastructure seems
to be dismissed too much in this WG in my opinion, and I don't think I'm
wrong to predict a success directly dependant on this compatibility.

Regards,
Willy

v2.23.0 | Report a Bug | By Email