IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Adam Barth <ietf@adambarth.com> Mon, 11 October 2010 21:12 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A0AB03A6B8C for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 14:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.684
X-Spam-Level:
X-Spam-Status: No, score=-1.684 tagged_above=-999 required=5 tests=[AWL=-0.307, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 333JwoNzwjLi for <hybi@core3.amsl.com>; Mon, 11 Oct 2010 14:12:21 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by core3.amsl.com (Postfix) with ESMTP id 5B4B23A6B8B for <hybi@ietf.org>; Mon, 11 Oct 2010 14:12:21 -0700 (PDT)
Received: by qyk36 with SMTP id 36so1403336qyk.10 for <hybi@ietf.org>; Mon, 11 Oct 2010 14:13:32 -0700 (PDT)
Received: by 10.224.66.29 with SMTP id l29mr4922784qai.239.1286831610135; Mon, 11 Oct 2010 14:13:30 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id mz11sm3742275qcb.3.2010.10.11.14.13.28 (version=SSLv3 cipher=RC4-MD5); Mon, 11 Oct 2010 14:13:29 -0700 (PDT)
Received: by iwn10 with SMTP id 10so5186244iwn.31 for <hybi@ietf.org>; Mon, 11 Oct 2010 14:13:27 -0700 (PDT)
Received: by 10.42.15.20 with SMTP id j20mr2201530ica.247.1286831607213; Mon, 11 Oct 2010 14:13:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.31.4 with HTTP; Mon, 11 Oct 2010 14:12:56 -0700 (PDT)
In-Reply-To: <Pine.LNX.4.64.1010112100560.8618@ps20323.dreamhostps.com>
References: <4CAFA043.10101@caucho.com> <AANLkTi=eo-cjBz160FN0cn53v4-CpDSYaEneqkr_ZP7k@mail.gmail.com> <4CAFAC2B.5000800@caucho.com> <55bva61goeqtn0lifgjt5uihf50obh7kf4@hive.bjoern.hoehrmann.de> <4CAFB9C4.6030905@caucho.com> <AANLkTinv5Ym5jwUEqS76z3UkVa7GpmOBT_WXhBbFK0-m@mail.gmail.com> <20101009055723.GL4712@1wt.eu> <AANLkTimY2DjxgZybibSRtc7L34Wns2KhQC=Wa9K6PYku@mail.gmail.com> <20101009204009.GP4712@1wt.eu> <AANLkTi=Az0RmE1Uipo068zMh3YzgMpM2tQ+zYxaDT47A@mail.gmail.com> <20101011053354.GA12672@1wt.eu> <4CB2D7BD.1070004@opera.com> <9B9FA451-5551-4434-8EC1-BAC834FB9A61@apple.com> <AANLkTimDc_aqRTtgRpMKhdhk6x+vPGyOPvU3A=6mK9S7@mail.gmail.com> <4CB3373C.5050507@opera.com> <Pine.LNX.4.64.1010112100560.8618@ps20323.dreamhostps.com>
From: Adam Barth <ietf@adambarth.com>
Date: Mon, 11 Oct 2010 14:12:56 -0700
Message-ID: <AANLkTi=MYEH1GgvtSND4+JXQ73rSaDYKYWA48OVfjP_7@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2010 21:12:22 -0000

On Mon, Oct 11, 2010 at 2:04 PM, Ian Hickson <ian@hixie.ch> wrote:
> On Mon, 11 Oct 2010, James Graham wrote:
>> So there is an underlying issue here that I don't understand. It seems
>> clear to me that Adam and Eric's proposed handshake has a better
>> security story with regard to cross-protocol attacks than -75, -76, or
>> any other proposal other than using NPN with TLS. However there seem to
>> be a number of people who have problems with this proposed handshake to
>> the extent that they are prepared to forgo the security properties in
>> order to get something different. In general people seem to be aware
>> that they are making the security weaker since the arguments are mostly
>> about how different approaches will probably be good enough in practice
>> even though they are theoretically inferior.
>>
>> What I haven't followed is what the problems with the proposal actually
>> are. I understand that I have likely missed these in other messages, but
>> it would be helpful if people who believe that the proposed approach, or
>> aspects of it, are unworkable could summarise the outstanding issues
>> they see.
>
> I would like to ask a similar question, but to the people proposing Adam
> and Eric's latest proposed handshake. What real problem does it solve that
> NPN with TLS doesn't solve? As you say, it is weaker than NPN with TLS, so
> why not just go all the way?

I'd prefer to use TLS+NPN, but we put forward the newer proposal as a
compromise.  Technically, the cost of using NPN+TLS is one additional
network RT and the need to involve/update your TLS library to set up a
WebSocket server.

> This would have multiple advantages beyond just being more secure, for
> example we could halve the number of schemes we're introducing, halve the
> number of handshake implementations on both clients and servers, greatly
> reduce the testing burden, etc.

Indeed.

Adam

v2.23.0 | Report a Bug | By Email