Re: [hybi] WebSocket handshake (HTTP and SSO)
Scott Ferguson <ferg@caucho.com> Wed, 01 September 2010 16:19 UTC
Return-Path: <ferg@caucho.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA72C3A69E1 for <hybi@core3.amsl.com>; Wed, 1 Sep 2010 09:19:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.526
X-Spam-Level:
X-Spam-Status: No, score=-2.526 tagged_above=-999 required=5 tests=[AWL=0.073, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8jGQhcG9PT2t for <hybi@core3.amsl.com>; Wed, 1 Sep 2010 09:19:52 -0700 (PDT)
Received: from smtp115.biz.mail.mud.yahoo.com (smtp115.biz.mail.mud.yahoo.com [209.191.68.75]) by core3.amsl.com (Postfix) with SMTP id 2E5913A69F5 for <hybi@ietf.org>; Wed, 1 Sep 2010 09:18:59 -0700 (PDT)
Received: (qmail 13899 invoked from network); 1 Sep 2010 16:19:26 -0000
Received: from [192.168.1.11] (ferg@66.92.8.203 with plain) by smtp115.biz.mail.mud.yahoo.com with SMTP; 01 Sep 2010 09:19:26 -0700 PDT
X-Yahoo-SMTP: L1_TBRiswBB5.MuzAo8Yf89wczFo0A2C
X-YMail-OSG: g2aGmo4VM1mQSzS7AgjzEnmOKO69aXnPrrAiuFHl2j74loE MntmmTdIHdJpVfyhXG0KUkv0FBMGd13RShw.coISD5tiQZjyrV7P3GR4nKTM oOO8YGLvpeYAGR1SFZnEWGDKUJ1l.EUJ172QbPXsQbOvdb2xl58PugENvXzu 8_qi4.L03YnBl4OCliHRk0RBqN_Mq2YMy6YjzW6P0ikMJVby1AD7kNrdYpOW A0onpe98XTecp85_xW_FtPPIPzvep83rVoKSw8OAmQhQg1jLjrzxDHaQv4el REuGB7MWDP2lK4gaLtneJsVcL_24BTtmwRdWadnFxQ8a9A8FmE2pKjQ--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4C7E7D04.5000902@caucho.com>
Date: Wed, 01 Sep 2010 09:19:16 -0700
From: Scott Ferguson <ferg@caucho.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <4C7A269F.8020306@gmail.com> <AANLkTinqJ+K-pqm7p7S+aviWVY==S0mJ9RBvNfpnTa02@mail.gmail.com> <AANLkTikCVNoJnKXTOTJadYJWYR356u1wZdVNdBwEh6cg@mail.gmail.com> <AANLkTik3Jo4rG8cTcHerpwPumT_X77bn9y5rDkZ8ZD33@mail.gmail.com> <AANLkTimabr-0gVy1Jpr0=i-Wfv6u-AnD+ReNvb0eajYO@mail.gmail.com> <4C7BDA8F.4080107@caucho.com> <4C7BF060.7070501@isdg.net> <4C7C2A33.6010405@caucho.com> <4C7C746F.1040006@isdg.net> <4C7D2B74.8030702@caucho.com> <4C7D5B20.9030503@isdg.net> <4C7DAECB.7050905@caucho.com> <AANLkTinv-mkMD4LkEZaqmYOjLNBBQ5QHDJHVZ9R=VMyp@mail.gmail.com>
In-Reply-To: <AANLkTinv-mkMD4LkEZaqmYOjLNBBQ5QHDJHVZ9R=VMyp@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: hybi <hybi@ietf.org>, Brodie Thiesfield <brodie@jellycan.com>
Subject: Re: [hybi] WebSocket handshake (HTTP and SSO)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2010 16:19:53 -0000
Adam Barth wrote: > On Tue, Aug 31, 2010 at 6:39 PM, Scott Ferguson <ferg@caucho.com> wrote: > >> a) To validate the server as websocket server (as opposed to a SMTP server), >> the client creates a securely-generated random nonce, c_nonce and sends it >> in C1. The server sends back a hash in S2, like H(c_nonce, "WebSocket"). >> Since no server other than a websocket server will generate that hash, >> you've verified that the server is a websocket server. >> > > This assumption is not correct. Consider, for example, a protocol > like DNS or an HTTP proxy where the attacker is given some control > over the server's response. We have no guarantee that S2 was actually > generated by the server and not by some other entity and just relayed > by the server. > Yes, and that's a very important point. If the hijacker has access to c_nonce or can predict it (like a non-securely random c_nonce), then the hijacker can generate the hash and trick a non-websocket server into returning it. The browser must absolutely keep the c_nonce secret from the hijacker and prevent the hijacker from computing H(c_nonce, "WebSocket") for the hash validation of the server to work. But if the hijacker can't generate H(c_nonce, "WebSocket") himself, though, he can't trick some non-websocket server into computing that hash. Tricking a server into echoing or simple manipulation, sure, but not forcing a computation of a hash foreign to the server's protocol. (The same issue applies to the current protocol, even though the hash function is different.) -- Scott > Adam > > > >
- [hybi] WebSocket handshake (HTTP and SSO) Brodie Thiesfield
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Eric Rescorla
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Brodie Thiesfield
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Joe Hildebrand
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Gabriel Montenegro
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Willy Tarreau
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins