IETF Logo Mail Archive

Re: [hybi] Upgrade Mechanism and HasMat (was Re: Extensibility mechanisms?)

Maciej Stachowiak <mjs@apple.com> Thu, 22 July 2010 16:46 UTC

Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6A2CC3A6844 for <hybi@core3.amsl.com>; Thu, 22 Jul 2010 09:46:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.561
X-Spam-Level:
X-Spam-Status: No, score=-106.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tgqJsSsksXMS for <hybi@core3.amsl.com>; Thu, 22 Jul 2010 09:46:18 -0700 (PDT)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by core3.amsl.com (Postfix) with ESMTP id 76D183A67F4 for <hybi@ietf.org>; Thu, 22 Jul 2010 09:46:18 -0700 (PDT)
Received: from relay13.apple.com (relay13.apple.com [17.128.113.29]) by mail-out4.apple.com (Postfix) with ESMTP id EBD5AA4B0F6D for <hybi@ietf.org>; Thu, 22 Jul 2010 09:46:35 -0700 (PDT)
X-AuditID: 1180711d-b7b98ae000002f4b-6b-4c4875ebf905
Received: from gertie.apple.com (gertie.apple.com [17.151.62.15]) by relay13.apple.com (Apple SCV relay) with SMTP id 35.50.12107.BE5784C4; Thu, 22 Jul 2010 09:46:35 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from [17.151.96.25] by gertie.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0L5Y0050SX9MCV50@gertie.apple.com> for hybi@ietf.org; Thu, 22 Jul 2010 09:46:35 -0700 (PDT)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <20100722121317.GA12582@1wt.eu>
Date: Thu, 22 Jul 2010 09:46:34 -0700
Message-id: <0E002C06-7F95-47D3-AA86-17DCC13905EF@apple.com>
References: <AANLkTims1er0Rbv0ysP4gRs1Kd0He8hapHeJ3nON=JQa@mail.gmail.com> <4C47C5B0.3030006@caucho.com> <AANLkTi=ND-FOH8OoD=TCbiyeSZ-h0LhxQBXN5w-2hfvj@mail.gmail.com> <20100722055452.GL7174@1wt.eu> <AANLkTik_rpxo=1OfzHkwpC5soQG_NxvGuZNXx7gdhVTh@mail.gmail.com> <20100722064945.GM7174@1wt.eu> <AANLkTim7AsQGSwLE51uktj=B1vB6roZChAtDoCrE6fFG@mail.gmail.com> <4C47FF71.3050000@ericsson.com> <18E0FF9C-6C51-4602-92E1-E44802D0D8B5@gbiv.com> <4C481C76.1060907@ericsson.com> <20100722121317.GA12582@1wt.eu>
To: Willy Tarreau <w@1wt.eu>
X-Mailer: Apple Mail (2.1081)
X-Brightmail-Tracker: AAAAAQAAAZE=
Cc: "Roy T. Fielding" <fielding@gbiv.com>, "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Upgrade Mechanism and HasMat (was Re: Extensibility mechanisms?)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2010 16:46:19 -0000

On Jul 22, 2010, at 5:13 AM, Willy Tarreau wrote:

> On Thu, Jul 22, 2010 at 01:24:54PM +0300, Salvatore Loreto wrote:
> (...)
>> however if HTTP experts exclude any vulnerability in the HTTP Upgrade,
>> then a sort of security check right after the end of the Upgrade from 
>> HTTP to Websocket and before the WebSocket starts to exchange data,
>> could solve the problem.
> 
> We must at least keep in mind that we should avoid round-trips as much as
> possible. For that, I think that Greg's proposal of a nonce in a header is
> particularly interesting because it does not add round trips and can be
> made part of the Upgrade handshake itself. The request and response headers
> could then be advertised in the Connection header just like the Upgrade
> header right now. Such a header could possibly be suggested as general use
> for the HTTP Upgrade mechanism instead of being WS-centric.
> 
> The only fear I have right now with the nonce as defined by the WS draft
> is that it makes use of MD5 which comes with a cost. I know at least one
> site dealing with more than 300k concurrent connections at a rate between
> 12 and 18k per second (long polling right now), and I think that computing
> MD5 hashes can significantly impact performance at these rates. If the
> goal is to ensure the response header depends on the request header, we
> may reliably make use of cheaper algorithms.

I originally suggested computing a hash of the nonce with other data (or some other nontrivial computation) rather than just echoing it back. The goal here is to further reduce the risk of cross-protocol attacks by ensuring that a valid response cannot be constructed solely out of fixed pieces and echoing back portions of the request. I don't think it's essential for the algorithm to be MD5; it does not need to be a strong hash. However, it should avoid having trivial mappings for any values. For example, simply XORing two values is a bad idea because if the attacker can arrange for one value to be 0, the correct response is just the other value with no change. I believe MD5 was chosen because it does not have any such trivial flaws, and is available in popular library implementations. CRC would be adequate for this purpose but is not as readily available.

I think it would be worth doing some math to determine the expense of computing MD5 sums at a plausible connection rate. If MD5 can't keep up with your cited rate of 12k-18k connections per second on the relevant target hardware, then we need to re-evaluate.

Regards,
Maciej

v2.23.0 | Report a Bug | By Email