IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Patrick McManus <mcmanus@ducksong.com> Mon, 27 September 2010 13:41 UTC

Return-Path: <mcmanus@ducksong.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CEA403A6B12 for <hybi@core3.amsl.com>; Mon, 27 Sep 2010 06:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.354
X-Spam-Level:
X-Spam-Status: No, score=-2.354 tagged_above=-999 required=5 tests=[AWL=-0.355, BAYES_00=-2.599, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uthrs1fdQJ3u for <hybi@core3.amsl.com>; Mon, 27 Sep 2010 06:41:08 -0700 (PDT)
Received: from linode.ducksong.com (linode.ducksong.com [64.22.125.164]) by core3.amsl.com (Postfix) with ESMTP id EFAF93A6AFF for <hybi@ietf.org>; Mon, 27 Sep 2010 06:41:07 -0700 (PDT)
Received: by linode.ducksong.com (Postfix, from userid 1000) id 548A0102A5; Mon, 27 Sep 2010 09:41:46 -0400 (EDT)
Received: from [192.168.16.226] (cpe-67-253-92-25.maine.res.rr.com [67.253.92.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by linode.ducksong.com (Postfix) with ESMTPSA id A8B92101F5; Mon, 27 Sep 2010 09:41:38 -0400 (EDT)
From: Patrick McManus <mcmanus@ducksong.com>
To: Adam Barth <ietf@adambarth.com>
In-Reply-To: <AANLkTinRRX7GURvLvHAm5cNY2GXrAoRAEo9WW8S-Ae85@mail.gmail.com>
References: <AANLkTikszM0pVE-0dpZ2kv=i=y5yzS2ekeyZxtz9N=fQ@mail.gmail.com> <62B5CCE3-79AF-4F60-B3A0-5937C9D291D7@apple.com> <AANLkTikKc+4q_Q1+9uDo=ZpFF6S49i6vj2agZOGWVqKm@mail.gmail.com> <E2D38FF3-F1B9-4305-A7FC-A9690D2AEB4A@apple.com> <AANLkTikRYB_suPmSdH3uzGmdynozECRszDx+BpUvtZ4h@mail.gmail.com> <AANLkTikfYOCOm_+g3=QCTFOCo=rYsj8WpX8AS65qgkPm@mail.gmail.com> <AANLkTim0R-cHCKiMw-zA7r+NrQbbiyM2xPLVm8G-shCx@mail.gmail.com> <AANLkTinRRX7GURvLvHAm5cNY2GXrAoRAEo9WW8S-Ae85@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 27 Sep 2010 09:40:40 -0400
Message-ID: <1285594840.1726.385.camel@ds9.ducksong.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3
Content-Transfer-Encoding: 7bit
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Sep 2010 13:41:08 -0000

On Sun, 2010-09-26 at 23:26 -0700, Adam Barth wrote:

> On the other hand, we can be reasonably assured that the TLS+NPN
> handshake resists cross-protocol attacks. 

>From a NPN advocate I would like to see a strong argument on the
deployabiltiy of a NPN based handshake.

>From some weak research that is open to more information: 

* I'm concerned that it looks like the TLS working group doesn't have
consensus support for NPN. 

* I wonder how settled the draft is? It looks like openssl 1.1.0 has
patches for draft-00, but the draft-ietf is 01.. are they compatible?
Will there be more drafts? Is it advisable to tie the WS timetable to
that uncertainty? (we have uncertainty of our own :()

* I'm concerned that TLS stacks on the server side are deployed
independent of the stacks that will implement websockets and waiting for
them to make the necessary enabling change would create a very
substantial barrier to implementation. It isn't hard to imagine it being
so substantial that -76 would just become the defacto standard even with
uptake of draft-ietf-ws from browser and server authors.

v2.23.0 | Report a Bug | By Email