Re: [hybi] Straw-poll on Masking options
Willy Tarreau <w@1wt.eu> Wed, 12 January 2011 23:50 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5AAAD3A686E for <hybi@core3.amsl.com>; Wed, 12 Jan 2011 15:50:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.774
X-Spam-Level:
X-Spam-Status: No, score=-1.774 tagged_above=-999 required=5 tests=[AWL=-0.331, BAYES_00=-2.599, HELO_IS_SMALL6=0.556, J_CHICKENPOX_44=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BIljW9-blLJ for <hybi@core3.amsl.com>; Wed, 12 Jan 2011 15:50:46 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 342223A683B for <hybi@ietf.org>; Wed, 12 Jan 2011 15:50:46 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p0CNqsZ4028355; Thu, 13 Jan 2011 00:52:54 +0100
Date: Thu, 13 Jan 2011 00:52:54 +0100
From: Willy Tarreau <w@1wt.eu>
To: John Tamplin <jat@google.com>
Message-ID: <20110112235254.GA28336@1wt.eu>
References: <4D2E0863.2040804@ericsson.com> <3CC6CF1C-F01E-4AA4-B99E-AAA76CB6B4A8@apple.com> <20110112223632.GI25018@1wt.eu> <9B9C40C4-1E5F-4E94-A0E6-E9633CBB8ECD@apple.com> <20110112230001.GK25018@1wt.eu> <AANLkTi=rKhTe2++HicG0LgEO8vJ9Wci_TJtjgUTeb9p3@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTi=rKhTe2++HicG0LgEO8vJ9Wci_TJtjgUTeb9p3@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: Joe Hildebrand <Joe.Hildebrand@webex.com>, "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Straw-poll on Masking options
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2011 23:50:47 -0000
On Wed, Jan 12, 2011 at 06:27:19PM -0500, John Tamplin wrote: > On Wed, Jan 12, 2011 at 6:00 PM, Willy Tarreau <w@1wt.eu> wrote: > > > I personally have no objection against the XOR mask involving either or > > both nonces provided that it only applies to payload, so as not to make > > multiplexing impossible later. > > > > I don't think applying the mask to the payload or the entire frame matters > regarding multiplexing - I believe the mux is going to have to unmask the > inner frames anyway [assuming they were masked at all - the initial use case > is a browser implementing muxing talking to a server (or frontend acting as > a server] that implements the MUX extension to reduce the number of > connections). Not necessarily John. Imagine for instance a mux which makes use of the Host+path + maybe some other requests elements to aggregate multiple streams over a single connection and forward it to a server. It will know what stream goes where. However, if it wants to correctly interleave frames, it must know their lengths, which means having access to the framing (which almost only contains the length BTW). Imagine you have two client streams A and B with frames numbered 1 to 4 of various lengths : A : 11222222222333333344444444444 B : 11111122222222333333333333344 The mux would send that to C : A(11)B(111111)A(22222222222)B(2222222)... This does not require decoding the payload though. However, if there is no way to read the framing, multiplexing is not possible. The only ones which will need to read the payload are the ones which will accept the connection on behalf of the server. Since they will share nonces with the client, if the keying depends on nonces, then it will have to decode on one side to recode on the other one, which becomes quite inefficient. Regards, Willy
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- [hybi] Straw-poll on Masking options Salvatore Loreto
- Re: [hybi] Straw-poll on Masking options John Tamplin
- Re: [hybi] Straw-poll on Masking options James Graham
- Re: [hybi] Straw-poll on Masking options Adam Barth
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Maciej Stachowiak
- Re: [hybi] Straw-poll on Masking options Maciej Stachowiak
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Dave Cridland
- Re: [hybi] Straw-poll on Masking options John Tamplin
- Re: [hybi] Straw-poll on Masking options Scott Ferguson
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Thomson, Martin
- Re: [hybi] Straw-poll on Masking options Eric Rescorla
- Re: [hybi] Straw-poll on Masking options John Tamplin
- Re: [hybi] Straw-poll on Masking options Bjoern Hoehrmann
- Re: [hybi] Straw-poll on Masking options Martin J. Dürst
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options John Tamplin
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options John Tamplin
- Re: [hybi] Straw-poll on Masking options Salvatore Loreto
- [hybi] MUX and masking (was Re: Straw-poll on Mas… Salvatore Loreto
- Re: [hybi] Straw-poll on Masking options Greg Wilkins
- Re: [hybi] Straw-poll on Masking options Julian Reschke
- Re: [hybi] Straw-poll on Masking options Daniel Stenberg
- Re: [hybi] Straw-poll on Masking options Jamie Lokier
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Greg Wilkins
- Re: [hybi] Straw-poll on Masking options Pat McManus @Mozilla
- Re: [hybi] Straw-poll on Masking options Tomas Franzén
- Re: [hybi] Straw-poll on Masking options Cedric Vivier
- Re: [hybi] Straw-poll on Masking options Joshua Bell
- Re: [hybi] Straw-poll on Masking options Bruce Atherton
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Roberto Peon
- Re: [hybi] Straw-poll on Masking options Maciej Stachowiak
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Willy Tarreau
- Re: [hybi] Straw-poll on Masking options Salvatore Loreto
- Re: [hybi] Straw-poll on Masking options Maciej Stachowiak
- Re: [hybi] Straw-poll on Masking options Joel Martin
- Re: [hybi] Straw-poll on Masking options Joel Martin
- Re: [hybi] Straw-poll on Masking options Maciej Stachowiak
- [hybi] Security doesn't end here (was: Re: Straw-… Bjoern Hoehrmann
- Re: [hybi] Straw-poll on Masking options Anthony Catel
- Re: [hybi] Straw-poll on Masking options Hervé COMMOWICK
- Re: [hybi] Straw-poll on Masking options Hervé COMMOWICK
- Re: [hybi] Straw-poll on Masking options Gabriel Montenegro
- [hybi] reminder: Straw-poll on Masking options Salvatore Loreto
- Re: [hybi] Straw-poll on Masking options Joonas Lehtolahti
- Re: [hybi] Straw-poll on Masking options Ian Fette (イアンフェッティ)
- Re: [hybi] Straw-poll on Masking options Gabriel Montenegro
- [hybi] CPU vs bandwidth (was Straw-poll on Maskin… Willy Tarreau
- Re: [hybi] Straw-poll on Masking options John Tamplin
- Re: [hybi] Straw-poll on Masking options Ian Fette (イアンフェッティ)
- Re: [hybi] Straw-poll on Masking options Senthilkumar Peelikkampatti
- Re: [hybi] CPU vs bandwidth (was Straw-poll on Ma… Ian Fette (イアンフェッティ)
- Re: [hybi] CPU vs bandwidth (was Straw-poll on Ma… Senthilkumar Peelikkampatti
- Re: [hybi] reminder: Straw-poll on Masking options Jamie Lokier
- Re: [hybi] Security doesn't end here (was: Re: St… Jamie Lokier
- Re: [hybi] CPU vs bandwidth (was Straw-poll on Ma… Ian Fette (イアンフェッティ)
- Re: [hybi] Straw-poll on Masking options Alakkad, Achuth (GE Healthcare)
- Re: [hybi] Straw-poll on Masking options Adam Barth
- Re: [hybi] Straw-poll on Masking options Jamie Lokier
- Re: [hybi] Straw-poll on Masking options Jamie Lokier