Re: [hybi] Upgrade Mechanism and HasMat (was Re: Extensibility mechanisms?)

Maciej Stachowiak <mjs@apple.com> Mon, 26 July 2010 01:44 UTC

MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_8DkPT2AVcSVFxn+QT+C08Q)"
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <AANLkTimDqGJBz9RmBkLp60r98HM7XYaP-40n5v7Xme4H@mail.gmail.com>
Date: Sun, 25 Jul 2010 18:44:37 -0700
Message-id: <AA73542A-5E46-401D-9A61-A113B0F68830@apple.com>
References: <AANLkTims1er0Rbv0ysP4gRs1Kd0He8hapHeJ3nON=JQa@mail.gmail.com> <4C47C5B0.3030006@caucho.com> <AANLkTi=ND-FOH8OoD=TCbiyeSZ-h0LhxQBXN5w-2hfvj@mail.gmail.com> <20100722055452.GL7174@1wt.eu> <AANLkTik_rpxo=1OfzHkwpC5soQG_NxvGuZNXx7gdhVTh@mail.gmail.com> <20100722064945.GM7174@1wt.eu> <AANLkTim7AsQGSwLE51uktj=B1vB6roZChAtDoCrE6fFG@mail.gmail.com> <4C47FF71.3050000@ericsson.com> <18E0FF9C-6C51-4602-92E1-E44802D0D8B5@gbiv.com> <4C481C76.1060907@ericsson.com> <20100722121317.GA12582@1wt.eu> <0E002C06-7F95-47D3-AA86-17DCC13905EF@apple.com> <AANLkTimDqGJBz9RmBkLp60r98HM7XYaP-40n5v7Xme4H@mail.gmail.com>
To: Greg Wilkins <gregw@webtide.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Upgrade Mechanism and HasMat (was Re: Extensibility mechanisms?)
Precedence: list

On Jul 25, 2010, at 6:38 PM, Greg Wilkins wrote:

> 
> 
> On 23 July 2010 02:46, Maciej Stachowiak <mjs@apple.com> wrote:
> I originally suggested computing a hash of the nonce with other data (or some other nontrivial computation) rather than just echoing it back.
> 
> Maciej,
> 
> I agree that avoiding a simple echo would be very good protection against almost all forms of injection attack.
> 
> I think the handshake request contains a random token generated after the URL has been passed to the browser. The handshake response could then contain a random token generated after the connection has been accepted, plus a simple hash of the combination of the request and response tokens.

I don't see the value of a random token in the handshake response. How does that provide any additional protection? Anything echoed produced by the server might well be controlled by the cross-protocol attacker, so a random token generated by the server is no more effective than a fixed string.

> 
> This would allow a client to validate that the server had performed websocket specific calculations (in addition to sending a 101 response) and appears to address all the same security concerns that the current space counting and random bytes do.
> 
> I beleive these tokens and hash should be  carried in normal HTTP headers for the upgrade handshake, and that other mechanisms should be considered to address the fast fail detection of non-ws handling intermediaries.

I would have to see a more detailed version of this proposal to evaluate its security. I think it is effectively only as strong as sending a nonce (at an arbitrary place in the request headers), and echoing back a simple hash of that nonce that doesn't include any other data. Which I think is at the weaker end of nonce-based defenses.

Regards,
Maciej

[hybi] Extensibility mechanisms? Justin Erenkrantz
Re: [hybi] Extensibility mechanisms? Thomson, Martin
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Justin Erenkrantz
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Justin Erenkrantz
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Thomson, Martin
Re: [hybi] Extensibility mechanisms? Roberto Peon
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Julian Reschke
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Julian Reschke
Re: [hybi] Extensibility mechanisms? Martin J. Dürst
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Ian Hickson
[hybi] HTTP is not a disaster. Was: Extensibility… Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] Extensibility mechanisms? Julian Reschke
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] HTTP is not a disaster. Was: Extensibi… Pieter Hintjens
Re: [hybi] Extensibility mechanisms? Pieter Hintjens
Re: [hybi] Extensibility mechanisms? Bjoern Hoehrmann
[hybi] NAT reset recovery? Was: Extensibility mec… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
[hybi] WebSocket, TLS and intermediaries Vladimir Katardjiev
Re: [hybi] Extensibility mechanisms? Roberto Peon
Re: [hybi] Extensibility mechanisms? Roberto Peon
Re: [hybi] Extensibility mechanisms? Julian Reschke
Re: [hybi] Extensibility mechanisms? Pieter Hintjens
Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
Re: [hybi] NAT reset recovery? Was: Extensibility… Greg Wilkins
Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
Re: [hybi] NAT reset recovery? Was: Extensibility… Thomson, Martin
Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Thomson, Martin
Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
Re: [hybi] NAT reset recovery? Was: Extensibility… Dave Cridland
Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
Re: [hybi] NAT reset recovery? Was: Extensibility… Dave Cridland
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
Re: [hybi] WebSocket, TLS and intermediaries Ian Hickson
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] Extensibility mechanisms? John Tamplin
Re: [hybi] Extensibility mechanisms? Roberto Peon
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Jack Moffitt
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] WebSocket, TLS and intermediaries Mike Belshe
Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
Re: [hybi] WebSocket, TLS and intermediaries John Tamplin
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
Re: [hybi] Extensibility mechanisms? Roberto Peon
Re: [hybi] WebSocket, TLS and intermediaries Greg Wilkins
Re: [hybi] Extensibility mechanisms? Thomson, Martin
Re: [hybi] WebSocket, TLS and intermediaries Thomson, Martin
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Extensibility mechanisms? Roberto Peon
Re: [hybi] WebSocket, TLS and intermediaries Julian Reschke
Re: [hybi] Extensibility mechanisms? Simone Bordet
Re: [hybi] Extensibility mechanisms? Simone Bordet
Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Ian Hickson
Re: [hybi] WebSocket, TLS and intermediaries Ian Hickson
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] WebSocket, TLS and intermediaries Mike Belshe
Re: [hybi] WebSocket, TLS and intermediaries Greg Wilkins
Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
[hybi] Upgrade Mechanism and HasMat (was Re: Exte… Salvatore Loreto
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Salvatore Loreto
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Willy Tarreau
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Willy Tarreau
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Extensibility mechanisms? John Tamplin
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? John Tamplin
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Adam Barth
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Mike Belshe
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … John Tamplin
Re: [hybi] Extensibility mechanisms? Willy Tarreau
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
Re: [hybi] Extensibility mechanisms? Simon Pieters
Re: [hybi] Extensibility mechanisms? Greg Wilkins
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Greg Wilkins
Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] Extensibility mechanisms? Jamie Lokier
Re: [hybi] Extensibility mechanisms? Adam Barth
Re: [hybi] Extensibility mechanisms? Scott Ferguson
Re: [hybi] WebSocket, TLS and intermediaries Patrick McManus