Re: [hybi] Review of draft-ietf-hybi-thewebsocketprotocol-13
Alexey Melnikov <alexey.melnikov@isode.com> Sat, 03 September 2011 10:22 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AE0E21F8BBC; Sat, 3 Sep 2011 03:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.722
X-Spam-Level:
X-Spam-Status: No, score=-102.722 tagged_above=-999 required=5 tests=[AWL=-0.123, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f9BFa2jdxwyP; Sat, 3 Sep 2011 03:22:35 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by ietfa.amsl.com (Postfix) with ESMTP id 8FD5821F8BB9; Sat, 3 Sep 2011 03:22:35 -0700 (PDT)
Received: from [188.29.151.204] (188.29.151.204.threembb.co.uk [188.29.151.204]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <TmIARwBpJpR8@rufus.isode.com>; Sat, 3 Sep 2011 11:24:11 +0100
Message-ID: <4E620046.2000400@isode.com>
Date: Sat, 03 Sep 2011 11:24:06 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: "Richard L. Barnes" <rbarnes@bbn.com>
References: <942CCA6B-B784-441B-96CA-3506FFC439E1@bbn.com>
In-Reply-To: <942CCA6B-B784-441B-96CA-3506FFC439E1@bbn.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: General Area Review Team <gen-art@ietf.org>, hybi@ietf.org
Subject: Re: [hybi] Review of draft-ietf-hybi-thewebsocketprotocol-13
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Sep 2011 10:22:36 -0000
Richard L. Barnes wrote: >Hey all, > > Hi Richard, Thanks for the re-review and additional comments. My answers below. >I was selected for the Gen-ART review of draft-ietf-hybi-thewebsocketprotocol, and submitted a review during IETF LC: ><> >Since it's coming up for telechat, I thought I would give it a second look. Comments on the diff are below. > >--Richard > > >Section 2, "Implementations MAY impose implementation-specific limits..." >This paragraph has been removed in -13. > No, it got moved to its own section "Implementation-Specific Limits" under the "Security Considerations" >While the "MAY" doesn't specify a requirement, it seems like it would be helpful to implementers in light of the exhaustion/DoS possibilities presented by huge frames and fragmentation. I would even argue that it should be a "SHOULD". > I am Ok with changing MAY to SHOULD. >Section 5.4, "Unless specified otherwise by an extension, frames have no semantic meaning." >This caveat seems to invite breakage, especially since there are no extensions defined and no examples given of what sort of semantics might be attached. > This is an escape clause, in case we need it in the future. But this is not really different from what the document already allows now: interpetation of frame payloads in presence of extensions is up to extensions (modulo the framing structure). >(I'm guessing this has to do with 'deflate'?) At the very least, it seems like there should be a requirement that when an intermediary sees an extension that it doesn't understand, it MUST NOT fragment or coalesce frames. > This requirement is already in the spec. In Section 5.4: o An intermediary MUST NOT change the fragmentation of a message if any reserved bit values are used and the meaning of these values is not known to the intermediary. o An intermediary MUST NOT change the fragmentation of any message in the context of a connection where extensions have been negotiated and the intermediary is not aware of the semantics of the negotiated extensions. >Section 5.4, "Implementation Note: in absence of any extension..." >Same considerations apply here. This note seems to encourage behavior that will cause incompatibility in the future. ISTM that explicit streaming really should be done with smaller, independent frames. > As above. I believe the current text reflects a compromise after an August long debate on the issue. >Section 5.6, "Note that a particular text frame might include a partial UTF-8 sequence, however the whole message MUST contain valid UTF-8" >This requirement is meaningless, since the concept of a "message" is not defined here. > It was defined earlier in the document. >Suggest going back to a requirement that a frame MUST contain valid UTF-8 (i.e., that it breaks at code-point boundaries). > I am afraid there is WG consensus on the current proposal. >Section 8 >Should be moved to Section 5.6. It really only applies to text frames, and even then only if text frames are required to be UTF-8. > I think it also applies to the handshake itself (in presence of possible extensions). >Section 10 >In this section, and overall, it would be helpful if this document could briefly describe the browser/JS model and assign some terms that can be used consistently throughout. > >Section 10.2, "... should only respond with the corresponding "Sec-WebSocket-Accept" if it is an accepted origin. " >If I understand this correctly, the server causes the handshake to fail by omitting the "Accept". > This section doesn't define normative behaviour >Shouldn't it either return an HTTP error or Fail the Websocket Connection_ ? > Yes. Any suggestions how to make this clearer? >Section 10.3, "It is necessary that the masking key is chosen randomly for each frame." >Suggested text: "Clients MUST choose a new masking key for each frame, using an algorithm that cannot be predicted by end applications that provide data. For example, each masking could be drawn from a cryptographically strong random number generator." > Ok, I've inserted your text into my copy of the draft. >Section 10.3, "It is also necessary that once the transmission of a frame from a client has begun, the payload (application supplied data) of that frame must not be capable of being modified by the application." >This seems to further argue against the idea that giant frames are useful. > Yes. >They're clearly not useful for streaming (the opposite is suggested in Section 5.4, see above), since the application would have to provide all the data at once. > >Section 10.3 >This section should note that even given the masking constraints in this document, proxies are still vulnerable to poisoning by non-browser clients that do not perform masking. > >Section 10.4 >Suggest making this a "SHOULD" or even "MUST". If your implementation does not constrain these things, then it will be vulnerable to exhaustion attacks. > Ok. >Section 10.6 >[W3C.REC-wsc-ui-20100812] doesn't actually say anything substantive about how to choose ciphersuites, just that they MUST NOT be on the "export" list. Suggest removing or replacing with a better reference, maybe RFC 3766? > > A change of the reference is probably needed. Not sure if RFC 3766 is suitable though, I need to reread it.
- [hybi] Review of draft-ietf-hybi-thewebsocketprot… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Iñaki Baz Castillo
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Alexey Melnikov
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Willy Tarreau
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Philipp Serafin
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Iñaki Baz Castillo
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Iñaki Baz Castillo
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Iñaki Baz Castillo
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Willy Tarreau
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Bjoern Hoehrmann
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Tobias Oberstein
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Iñaki Baz Castillo
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Iñaki Baz Castillo
- Re: [hybi] [Gen-art] Review of draft-ietf-hybi-th… Alexey Melnikov
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Alexey Melnikov
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Richard L. Barnes
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Alexey Melnikov
- Re: [hybi] Review of draft-ietf-hybi-thewebsocket… Greg Wilkins