IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Maciej Stachowiak <mjs@apple.com> Wed, 29 September 2010 19:35 UTC

Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 20B673A6CB9 for <hybi@core3.amsl.com>; Wed, 29 Sep 2010 12:35:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.617
X-Spam-Level:
X-Spam-Status: No, score=-106.617 tagged_above=-999 required=5 tests=[AWL=-0.018, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LJNBvk2Y8k9f for <hybi@core3.amsl.com>; Wed, 29 Sep 2010 12:35:48 -0700 (PDT)
Received: from mail-out3.apple.com (mail-out.apple.com [17.254.13.22]) by core3.amsl.com (Postfix) with ESMTP id 890683A6C81 for <hybi@ietf.org>; Wed, 29 Sep 2010 12:35:48 -0700 (PDT)
Received: from relay15.apple.com (relay15.apple.com [17.128.113.54]) by mail-out3.apple.com (Postfix) with ESMTP id EDD99AC04172 for <hybi@ietf.org>; Wed, 29 Sep 2010 12:36:32 -0700 (PDT)
X-AuditID: 11807136-b7b3eae0000066cf-6b-4ca39540781b
Received: from gertie.apple.com (gertie.apple.com [17.151.62.15]) by relay15.apple.com (Apple SCV relay) with SMTP id 62.11.26319.04593AC4; Wed, 29 Sep 2010 12:36:32 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from [17.151.121.9] by gertie.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0L9I006UJX4WZ320@gertie.apple.com> for hybi@ietf.org; Wed, 29 Sep 2010 12:36:32 -0700 (PDT)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <AANLkTikq02dtvyNW9DBohZ8ZRvQnmGnSUse0dNYY6WH8@mail.gmail.com>
Date: Wed, 29 Sep 2010 12:36:32 -0700
Message-id: <9BED6436-E3C1-4F15-9A86-AF2BA41DA297@apple.com>
References: <4CA12810.8020006@caucho.com> <AANLkTimrMfXrnVMjU3f57L_sO7usyYQ56rBM4aMb2Pfr@mail.gmail.com> <20100928052501.GD12373@1wt.eu> <CA8029B0-71A3-44ED-88C6-934FE833BBA2@apple.com> <AANLkTim+fXj-h6OS3OdcfVfh3Q1UwxD8NLVawb=AWHX+@mail.gmail.com> <4FAC5C93-9BDF-4752-AFBC-162D718397AB@apple.com> <AANLkTikcH1W3bQwumqHbe-Yqa3XdoJqCa2b-mZuvoQ7g@mail.gmail.com> <9746E847-DC8B-45A7-ADF3-2ADB9DA7F82E@apple.com> <AANLkTik9igUwoxVrktoBoZrPoUW=Tjh7HyVbGJgQYes-@mail.gmail.com> <9F595226-FA0A-4C38-A6D0-0F4214BD7D21@apple.com> <20100929171550.GB8583@1wt.eu> <AANLkTikq02dtvyNW9DBohZ8ZRvQnmGnSUse0dNYY6WH8@mail.gmail.com>
To: Simone Bordet <simone.bordet@gmail.com>
X-Mailer: Apple Mail (2.1081)
X-Brightmail-Tracker: AAAAAA==
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Sep 2010 19:35:50 -0000

On Sep 29, 2010, at 11:38 AM, Simone Bordet wrote:

> Hi,
> 
> On Wed, Sep 29, 2010 at 19:15, Willy Tarreau <w@1wt.eu> wrote:
>> On Wed, Sep 29, 2010 at 09:47:37AM -0700, Maciej Stachowiak wrote:
>>> The idea is that you make an HTTP request with a header that looks close enough to the WS handshake to fool the server, followed by what appear to be WS messages in the body.
>> 
>> Except that you have the Upgrade header which requires a 101 in
>> response. A normal HTTP server will either :
>>  - ignore the Upgarde and return a classical code (200, 404, 403, ...)
>>  - consider the Upgrade header and either return 101 because it matches
>>    the protocol it supports (WebSocket) or return an error code because
>>    it does not support the WS protocol.
> 
> I think Maciej's point was that the server could interpret a ws
> message before knowing that the client is a real (or good) ws client.
> E.g.
> 
> GET / HTTP/1.1
> ...
> Upgrade: WebSocket
> Content-Length: 0
> <bytes that look like a ws frame>
> 
> The server replies with a 101, then starts reading the bytes
> interpreting them as websocket.
> 
> However, I don't see how this could be interpreted by a ws server in
> the ping-pong handshake that Greg/Scott were proposing: there is no
> way for the client to guess the exact content of the pong message
> before receiving the ping.

In the original proposal, the contents of the ping message were 100% predictable. A variant proposal would make them less predictable by introducing a server nonce. However, the server wouldn't actually have to read the pong contents to process messages. 

My further suggested variant suggests one-time-pad encrypting the frames themselves, which would make it impossible to exchange well-formed frames at all unless the handshake is performed properly. This makes it essentially impossible for the server to be sloppy about the handshake, since it would not work at all in that case, instead of sloppily allowing things it shouldn't. Though as I mentioned, if we start encrypting every message, even using the cheap XOR approach, we're heading down the road to reinventing TLS.

Regards,
Maciej

v2.23.0 | Report a Bug | By Email