Re: [hybi] Redesigning the Web Socket handshake

Justin Erenkrantz <justin@erenkrantz.com> Wed, 03 February 2010 15:38 UTC

On Wed, Feb 3, 2010 at 12:20 AM, Maciej Stachowiak <mjs@apple.com> wrote:
> I asked a security expert to review this and he had two suggestions:
> 1) Include the nonce hash in the status line. The strongest protection
> against cross-protocol attacks comes in the first few bytes, according to
> him, so it should be as early as possible.

The drawback with doing it in the reason is that it is going to be
substantially harder to trust that HTTP/1.1 clients and such get
proper access to the reason.  (And, again, relying upon any bits in
the reason is a violation of HTTP - the reason is *only* intended for
human eyes.  I've seen hands slapped by Roy many times when folks try
to expect that the reason is machine-parsable.)  Due to that, I think
it's an acceptable tradeoff to just put it in the header as originally
suggested.  It will likely still be in the first packet that the
client receives.

> 2) The hash should also include the request origin and some fixed
> WebSocket-specific string (e.g. "WebSocket::"). (He actually suggested 'HMAC
> the string "Web Socket::" and origin of WebSocket request using the nonce as
> a key' but I'm not sure if he was serious.)

Using the origin IP introduces a lot of problems when there are
reverse proxies involved.  (Since it seems that prior discussions have
belittled NATs and transparent forward proxies as not being
"relevant", I'll set those aside - but I feel the implementation
challenges are just as relevant there too.)  Try as some might to
fight against it, we should simply realize that most large-scale WS
deployments are going to see some type of reverse proxy sitting in
front of it.  Therefore, the server generating the nonce probably
won't know the origin easily - and will have to rely upon custom
information set by its reverse proxy in front of it to generate the
proper nonce.  On the server-side, knowing the "real" origin IP is a
very error-prone process and probably would give us more grief due to
naive server implementations getting it wrong than we really intend.
There is no HTTP standard for setting the origin IP on the hops, but
most big sites end up setting some custom header out of necessity, but
I expect many basic deployments do not do so.

My $.02.  -- justin
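
Added example (not part of the original message or of any Web Socket draft): the construction from the quoted suggestion, an HMAC over the fixed string plus the origin keyed by the nonce, with "origin" read as the client's IP address as in the reply above, showing where a server behind a reverse proxy computes a value the client rejects. SHA-256, the header name X-Client-Addr, the nonce and all addresses are assumptions constructed for the illustration.

```python
import hashlib
import hmac

PREFIX = b"Web Socket::"  # fixed string from the quoted suggestion

def handshake_tag(nonce: bytes, origin: str) -> str:
    """HMAC of prefix + origin, keyed by the nonce (SHA-256 is an assumption)."""
    return hmac.new(nonce, PREFIX + origin.encode(), hashlib.sha256).hexdigest()

def server_origin(peer_ip, headers, trusted_proxies, fwd_header="X-Client-Addr"):
    """Address the server believes the request came from.

    fwd_header is a hypothetical custom header set by the reverse proxy. It is
    honoured only when the TCP peer is a known proxy; otherwise any client
    could supply whatever value it likes.
    """
    if peer_ip in trusted_proxies and fwd_header in headers:
        return headers[fwd_header]
    return peer_ip

def client_accepts(nonce: bytes, own_ip: str, tag: str) -> bool:
    """Client recomputes the tag over its own address, constant-time compare."""
    return hmac.compare_digest(handshake_tag(nonce, own_ip), tag)

def run_scenarios() -> dict:
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    client_ip, proxy_ip = "198.51.100.7", "10.0.0.5"            # constructed
    fwd = {"X-Client-Addr": client_ip}
    results = {}
    # 1. Direct connection: the server sees the client's address.
    tag = handshake_tag(nonce, server_origin(client_ip, {}, set()))
    results["direct"] = client_accepts(nonce, client_ip, tag)
    # 2. Reverse proxy forwarding nothing: the server hashes the proxy's address.
    tag = handshake_tag(nonce, server_origin(proxy_ip, {}, {proxy_ip}))
    results["proxy_no_header"] = client_accepts(nonce, client_ip, tag)
    # 3. Reverse proxy that sets the custom header, and a server that trusts it.
    tag = handshake_tag(nonce, server_origin(proxy_ip, fwd, {proxy_ip}))
    results["proxy_with_header"] = client_accepts(nonce, client_ip, tag)
    # 4. Header present, but the server was never told the proxy is trusted.
    tag = handshake_tag(nonce, server_origin(proxy_ip, fwd, set()))
    results["proxy_untrusted"] = client_accepts(nonce, client_ip, tag)
    return results

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:18} handshake {'accepted' if ok else 'rejected'}")
```

Only the direct case and the correctly configured proxy case produce a tag the client accepts; the other two fail although neither side is misbehaving.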