Re: [hybi] Experiment comparing Upgrade and CONNECT handshakes

Ian Fette (イアンフェッティ) <ifette@google.com> Sat, 27 November 2010 16:31 UTC


On Sat, Nov 27, 2010 at 8:24 AM, Adam Barth <ietf@adambarth.com> wrote:

> On Sat, Nov 27, 2010 at 8:16 AM, Willy Tarreau <w@1wt.eu> wrote:
> > On Sat, Nov 27, 2010 at 07:51:17AM -0800, Eric Rescorla wrote:
> >> What's the argument *for* having an insecure handshake?
> >
> > There's no argument *for* having an insecure handshake, there are arguments
> > for having a safe HTTP-compliant handshake.
>
> The handshake we're proposing is both safe and HTTP compliant.
>
> Kind regards,
> Adam
>
>
I really appreciate all the work you and others have done with this paper. I
have a few questions I'd like to ask if you wouldn't mind.

#1, if we changed the non-bogus Host header to be the real host, do you
believe that would have any substantial negative impact?
#2 Is there anything else that is in the handshake proposal that is perhaps
HTTP compliant by the letter but not the spirit? (Other than CONNECT vs
UPGRADE -- I think you've made that case.)

I personally don't care strongly enough about the above to call them a
requirement, but a number of people on this list have raised the HTTP compat
issue so I would like to better understand what that would imply with the
proposal this paper suggests the group move forward with.

-Ian