IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Willy Tarreau <w@1wt.eu> Mon, 11 October 2010 05:32 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5D5163A6405 for <hybi@core3.amsl.com>; Sun, 10 Oct 2010 22:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.787
X-Spam-Level:
X-Spam-Status: No, score=-2.787 tagged_above=-999 required=5 tests=[AWL=-0.744, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZNlR1yMfiGN for <hybi@core3.amsl.com>; Sun, 10 Oct 2010 22:32:51 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 2C8A43A688D for <hybi@ietf.org>; Sun, 10 Oct 2010 22:32:50 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o9B5XsD4013566; Mon, 11 Oct 2010 07:33:54 +0200
Date: Mon, 11 Oct 2010 07:33:54 +0200
From: Willy Tarreau <w@1wt.eu>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <20101011053354.GA12672@1wt.eu>
References: <4CAFA043.10101@caucho.com> <AANLkTi=eo-cjBz160FN0cn53v4-CpDSYaEneqkr_ZP7k@mail.gmail.com> <4CAFAC2B.5000800@caucho.com> <55bva61goeqtn0lifgjt5uihf50obh7kf4@hive.bjoern.hoehrmann.de> <4CAFB9C4.6030905@caucho.com> <AANLkTinv5Ym5jwUEqS76z3UkVa7GpmOBT_WXhBbFK0-m@mail.gmail.com> <20101009055723.GL4712@1wt.eu> <AANLkTimY2DjxgZybibSRtc7L34Wns2KhQC=Wa9K6PYku@mail.gmail.com> <20101009204009.GP4712@1wt.eu> <AANLkTi=Az0RmE1Uipo068zMh3YzgMpM2tQ+zYxaDT47A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTi=Az0RmE1Uipo068zMh3YzgMpM2tQ+zYxaDT47A@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi <hybi@ietf.org>, Bjoern Hoehrmann <derhoermi@gmx.net>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2010 05:32:56 -0000

On Sun, Oct 10, 2010 at 09:17:21PM -0700, Eric Rescorla wrote:
(...)
> Thus, it's quite possible to implement an HTTP server which does not
> deadlock
> without looking at the Connection header at all, simply by having a short
> timeout.

That's what I meant with the "deadlock", we can only end the transfer on
a timeout if the client expects a close and the server does not close.
Even if the timeout is short, it makes the situation very uncomfortable
for the user.

> Moreover, even treating the *presence* of a Connection: close as an
> indication
> of there being no more requests is merely a SHOULD level requirement
> (S 14.10):
> 
>   HTTP/1.1 defines the "close" connection option for the sender to
>    signal that the connection will be closed after completion of the
>    response. For example,
> 
>        Connection: close
> 
>    in either the request or the response header fields indicates that
>    the connection SHOULD NOT be considered `persistent' (section 8.1)
>    after the current request/response is complete.

Indeed, however two lines below the requirement is a MUST for the client :

   An HTTP/1.1 client that does not support persistent connections MUST
   include the "close" connection option in every request message.

> Accordingly, it's not at all clear to me that it's safe to rely on
> Connection: close

Well, the best way to wipe any doubt would be to test it on a variety of
servers.

BTW, I believe that Adam's example was that he could write a program on
a shared server that could return a valid handshake to the CONNECT request.
But since the valid response is a 200, by definition it's an establishment
of a tunnel between both sides, which ends only by the close. So once again
there is no other request on the wire after the handshake (rfc2817, #5.3).

(...)
> I'm not convinced that that's true: Adam has already explained how to make
> a
> content aware load balancer that speaks Websockets, simply by having the
> Host header appear in the encrypted portion.

I don't agree with that point at all. We're doing the same mistake again
that we did with -76 handshake : the intermediaries should not wait for
the connection to be completely established to take a routing decision.
Look at this very common example :

                       <--- hosting provider's infrastructure --->

                                   /---- server farm A
  client --- internet --- content <----- server farm B
                          switch   \---- server farm C

Some server farms are shared and other ones are dedicated to some
customers, which is the typical scenario we find at almost every
hosting provider's, because some customers with very poor code,
high traffic or nasty reputations can cause negative side effects
on other sites if shared on the same farms. Here, an HTTP content
switch (reverse proxy and/or load balancer) will simply look at
the host header and forward the request accordingly to the proper
server.

With Adam's proposed handshake, this is not possible anymore with
currently deployed components. We would have to implement WebSocket in
all front components just so that they can decrypt the host header and
see what farm is supposed to process it, if any at all. Not only this
is not compatible with existing HTTP infrastructure, but doing so makes
the frontend component sensible to new DoS attacks because it has to
maintain a context before even knowing if it has to handle the request.

Regards,
Willy

v2.23.0 | Report a Bug | By Email