IETF Logo Mail Archive

Re: [hybi] Masking only Payload/Extension Data

Willy Tarreau <w@1wt.eu> Thu, 10 March 2011 10:38 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01F6E3A68B5 for <hybi@core3.amsl.com>; Thu, 10 Mar 2011 02:38:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[AWL=-0.306, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bbt36ttorOq6 for <hybi@core3.amsl.com>; Thu, 10 Mar 2011 02:38:03 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id EBCEC3A68D7 for <hybi@ietf.org>; Thu, 10 Mar 2011 02:38:02 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p2AAdEET000597; Thu, 10 Mar 2011 11:39:14 +0100
Date: Thu, 10 Mar 2011 11:39:14 +0100
From: Willy Tarreau <w@1wt.eu>
To: Brian <theturtle32@gmail.com>
Message-ID: <20110310103914.GA32389@1wt.eu>
References: <4D77B885.5050109@callenish.com> <OF36FEDDC6.06951577-ON8825784E.0062343E-8825784E.0066AC27@playstation.sony.com> <AANLkTinau4g1pB_ccJ31u7WRi5npYtHvXE5YRn5uTbeV@mail.gmail.com> <AANLkTikB4YeaYiF_NVGn61c1YxpNWbmEWQZu1WcN+=Jf@mail.gmail.com> <1299704939.2606.238.camel@ds9.ducksong.com> <20110309214212.GA29190@1wt.eu> <AANLkTi=i=8aWg=6+T7=Kn5dWeKkW6MYVCH_CuNkt_ZMM@mail.gmail.com> <AANLkTimip9o0RoZaBfONCmg5nuJVWXjOKDKgAt8zrNVV@mail.gmail.com> <AANLkTikbFBeM6+hiURSBqxFyjc2Wc-yh8UJnZiO+U0JX@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTikbFBeM6+hiURSBqxFyjc2Wc-yh8UJnZiO+U0JX@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Masking only Payload/Extension Data
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2011 10:38:07 -0000

On Thu, Mar 10, 2011 at 02:25:28AM -0800, Brian wrote:
> By my count, we have six voices in favor so far, including myself:
> Andy Green
> Ytaka Takeda
> Greg Wilkins
> Willy Tarreau
> Joel Martin
> Brian McKelvey
> 
> One on record as not having a strong opinion one way or the other:
> Ian Fette
> 
> And one opposed:
> Adam Barth
> 
> 
> Adam's curt and patronizing reply is once again unenlightening as to
> any viable reason why we need to mask the frame header as well as the
> payload, beyond just his gut feeling on the matter.  I'd like to
> re-assert that since the only field under a potential hacker's control
> is the length (and potentially rsv bits via undefined extensions in
> the future) that the practical possibility of the frame header being
> used for an attack that actually accomplishes anything is so remote
> it's utterly laughable.

I'd like to add that it's important to remember that this controllable
length is not even at the beginning of the frame, and that there are
uncontrollable bytes before.

Regards,
Willy

v2.23.0 | Report a Bug | By Email