Re: [hybi] WebSockets : Question about masqued frames !

Iñaki Baz Castillo <ibc@aliax.net> Sat, 11 June 2011 06:10 UTC

2011/6/9 Anthony Catel <a.catel@weelya.com>:
> It's mainly because of proxy traversal (please read previous discussions
> about cache poisoning & co)

IMHO this doesn't answer the original question:

> So why not simply imagine a mask whose evolutionary of the Salt was fixed at the start (why not from the handshake key) and whose encryption evolve based on the contents of the frames?

The author of the thread is not suggesting removing the client->server
masking, but just making it predictable (for example from the WS
handshake data) rather than each frame having its own masking key.
Would there be any (security) issue in the suggested case? I don't think so,
but just wondering.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>
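
Added example (not part of the original message or of any WebSocket implementation): a minimal client-frame builder and server-side parser using the 4-octet XOR masking discussed in this thread, comparing a fresh random key per frame with one key fixed for the whole connection. SESSION_KEY is a constructed stand-in for a handshake-derived key, and wire_bytes_repeat is a hypothetical helper; with the fixed key the on-wire octets are fully determined by the payload, which is the property a per-frame random key removes.

```python
import os
import struct
from typing import Optional, Tuple

# Constructed stand-in for a key fixed once per connection (e.g. derived from
# handshake data, as the thread proposes); hypothetical, not a real scheme.
SESSION_KEY = bytes.fromhex("37fa213d")

def mask_payload(key: bytes, payload: bytes) -> bytes:
    """XOR octet i with key[i % 4]; applying it twice restores the input."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def build_client_frame(payload: bytes, key: Optional[bytes] = None) -> bytes:
    """Unfragmented masked text frame (FIN=1, opcode 0x1, MASK=1)."""
    if key is None:
        key = os.urandom(4)  # fresh unpredictable key for this frame only
    n = len(payload)
    if n < 126:
        header = bytes([0x81, 0x80 | n])
    elif n < 1 << 16:
        header = bytes([0x81, 0x80 | 126]) + struct.pack("!H", n)
    else:
        header = bytes([0x81, 0x80 | 127]) + struct.pack("!Q", n)
    return header + key + mask_payload(key, payload)

def parse_client_frame(frame: bytes) -> Tuple[bytes, bytes]:
    """Server side: return (masking key, unmasked payload)."""
    if len(frame) < 2 or not frame[1] & 0x80:
        raise ValueError("client frame must carry the MASK bit")
    n = frame[1] & 0x7F
    ext = {126: 2, 127: 8}.get(n, 0)      # size of the extended length field
    off = 2 + ext
    if len(frame) < off + 4:
        raise ValueError("truncated frame")
    if ext:
        n = int.from_bytes(frame[2:off], "big")
    key, body = frame[off:off + 4], frame[off + 4:off + 4 + n]
    if len(body) != n:
        raise ValueError("truncated frame")
    return key, mask_payload(key, body)

def wire_bytes_repeat(payload: bytes, key: Optional[bytes]) -> bool:
    """True when the same payload yields byte-identical frames twice."""
    return build_client_frame(payload, key) == build_client_frame(payload, key)

if __name__ == "__main__":
    print("fixed key, identical frames:    ", wire_bytes_repeat(b"Hello", SESSION_KEY))
    print("per-frame key, identical frames:", wire_bytes_repeat(b"Hello", None))
```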