IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Maciej Stachowiak <mjs@apple.com> Mon, 11 October 2010 09:33 UTC

Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E48743A659A for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 02:33:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.205
X-Spam-Level:
X-Spam-Status: No, score=-104.205 tagged_above=-999 required=5 tests=[AWL=-1.606, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ktPPYDuY8e2 for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 02:33:49 -0700 (PDT)
Received: from eg-mail-out1.apple.com (eg-mail-out1.apple.com [17.112.144.125]) by core3.amsl.com (Postfix) with ESMTP id 938833A690D for <hybi@ietf.org>; Mon, 11 Oct 2010 02:33:49 -0700 (PDT)
Received: from relay8.apple.com (relay8.apple.com [17.116.128.138]) by eg-mail-out1.apple.com (Postfix) with ESMTP id 4AFA181FDA for <hybi@ietf.org>; Mon, 11 Oct 2010 02:35:01 -0700 (PDT)
X-AuditID: 1174808a-b7b47ae000003ecf-72-4cb2da4563db
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay8.apple.com (Apple SCV relay) with SMTP id 53.5E.16079.54AD2BC4; Mon, 11 Oct 2010 02:35:01 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from [10.0.1.14] ([69.181.196.33]) by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0LA400B2CD9O5D10@et.apple.com> for hybi@ietf.org; Mon, 11 Oct 2010 02:34:37 -0700 (PDT)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <4CB2D7BD.1070004@opera.com>
Date: Mon, 11 Oct 2010 02:34:36 -0700
Message-id: <9B9FA451-5551-4434-8EC1-BAC834FB9A61@apple.com>
References: <4CAFA043.10101@caucho.com> <AANLkTi=eo-cjBz160FN0cn53v4-CpDSYaEneqkr_ZP7k@mail.gmail.com> <4CAFAC2B.5000800@caucho.com> <55bva61goeqtn0lifgjt5uihf50obh7kf4@hive.bjoern.hoehrmann.de> <4CAFB9C4.6030905@caucho.com> <AANLkTinv5Ym5jwUEqS76z3UkVa7GpmOBT_WXhBbFK0-m@mail.gmail.com> <20101009055723.GL4712@1wt.eu> <AANLkTimY2DjxgZybibSRtc7L34Wns2KhQC=Wa9K6PYku@mail.gmail.com> <20101009204009.GP4712@1wt.eu> <AANLkTi=Az0RmE1Uipo068zMh3YzgMpM2tQ+zYxaDT47A@mail.gmail.com> <20101011053354.GA12672@1wt.eu> <4CB2D7BD.1070004@opera.com>
To: James Graham <jgraham@opera.com>
X-Mailer: Apple Mail (2.1081)
X-Brightmail-Tracker: AAAAAA==
Cc: hybi@ietf.org
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2010 09:33:52 -0000

On Oct 11, 2010, at 2:24 AM, James Graham wrote:

> On 10/11/2010 07:33 AM, Willy Tarreau wrote:
> 
>> Some server farms are shared and other ones are dedicated to some
>> customers, which is the typical scenario we find at almost every
>> hosting provider's, because some customers with very poor code,
>> high traffic or nasty reputations can cause negative side effects
>> on other sites if shared on the same farms. Here, an HTTP content
>> switch (reverse proxy and/or load balancer) will simply look at
>> the host header and forward the request accordingly to the proper
>> server.
>> 
>> With Adam's proposed handshake, this is not possible anymore with
>> currently deployed components. We would have to implement WebSocket in
>> all front components just so that they can decrypt the host header and
>> see what farm is supposed to process it, if any at all. Not only this
>> is not compatible with existing HTTP infrastructure, but doing so makes
>> the frontend component sensible to new DoS attacks because it has to
>> maintain a context before even knowing if it has to handle the request.
> 
> I'm not sure I follow this objection. Unless I am misunderstanding Adam's proposal, all the information needed to access the Host header is in the initial client request; the only additional effort needed is to use the client-sent key to decrypt the headers. According to this understanding, one doesn't have to maintain state across requests just to determine if one will handle the request and, if so, with which back end server.

I agree with this understanding. With Adam's elaborations (not fully detailed in the original proposal), all the routing information is available in the initial client handshake request.

> Is it just the decryption that you believe represents an unmanagable burden?

In the unlikely case that the encryption is an unreasonable burden, I think it's possible to use a trivial form of encryption (XOR with one-time pad) instead of AES-128-CTR. But I think it's probably both safer and typically easier to use a well-known cipher.

Regards,
Maciej

v2.23.0 | Report a Bug | By Email