Re: [hybi] RFC 6455 Client-Server Masking
Martin Thomson <martin.thomson@gmail.com> Fri, 12 April 2013 19:33 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 943B121F8FD7 for <hybi@ietfa.amsl.com>; Fri, 12 Apr 2013 12:33:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level:
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FQKyL9nndAyz for <hybi@ietfa.amsl.com>; Fri, 12 Apr 2013 12:33:40 -0700 (PDT)
Received: from mail-we0-x22a.google.com (mail-we0-x22a.google.com [IPv6:2a00:1450:400c:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 6BD1921F8FDA for <hybi@ietf.org>; Fri, 12 Apr 2013 12:33:40 -0700 (PDT)
Received: by mail-we0-f170.google.com with SMTP id z2so2409332wey.1 for <hybi@ietf.org>; Fri, 12 Apr 2013 12:33:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=vBTgMidsPCACpmq2MsRLuVFFbwZH6KXqpOSDhv9MZ0c=; b=fPkiUVnI8cZ8p0RFRo0nF7kh38OGAWE2nUGV6XQs/tN0PQFqO94F/yXxKsJ1jPyfcc cHf/xX0e2BQ3I6qfGEkqBtTXmxeafpgQrRlV4/s3lSo5uWp8COJgFktUTnmGE1JjQep1 5i485NtRpI+TYXfrjWJfnhsErSx73NwKZU4PbGG1aDcHb7Ko6oUxeokNXgZc+yKx6oXo GmEpFPakolR9DV1A9m6+mMllx7y0xlCXd6xNTcX2CKySiwv/5iKj+cSn9T0ajQrkWxph IngCpEaXj7xDbHhjoWm4WSpvpRw1BWsYY22FwRQ8JXi5Nwtsb3SQ0EkUvoRXCUGZm/I5 i1aw==
MIME-Version: 1.0
X-Received: by 10.180.94.133 with SMTP id dc5mr12955wib.1.1365795219343; Fri, 12 Apr 2013 12:33:39 -0700 (PDT)
Received: by 10.194.41.35 with HTTP; Fri, 12 Apr 2013 12:33:39 -0700 (PDT)
In-Reply-To: <CALr5ZcVe4Pek373d42V3KfcdO07ZJ4w54Gw98VA-NMM4kmGBBw@mail.gmail.com>
References: <5105BF2D.50104@googlemail.com> <C999964D-E0F6-45A7-A0A1-AE36AEAF4315@gmail.com> <CALr5ZcVe4Pek373d42V3KfcdO07ZJ4w54Gw98VA-NMM4kmGBBw@mail.gmail.com>
Date: Fri, 12 Apr 2013 12:33:39 -0700
Message-ID: <CABkgnnX7FFiTXKfLae4ZqTTTsgcnnozRiWXff26gk655iLDaqg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Steven Atkinson <steven.atkinson@kaazing.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "hybi@ietf.org" <hybi@ietf.org>, "denis.m.f.mcmahon@googlemail.com" <denis.m.f.mcmahon@googlemail.com>
Subject: Re: [hybi] RFC 6455 Client-Server Masking
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2013 19:33:41 -0000
Has the working group considered an FAQ? This question (including some of the follow up) are very common. The answer hasn't changed and there is a record of the discussion leading to the specified conclusion. On 12 April 2013 11:30, Steven Atkinson <steven.atkinson@kaazing.com> wrote: > To really boil this down to it's essentials, as far as I understand the > masking, > it's so that proxies cannot be confused or tricked into caching HTTP content > when they are not supposed to. > > Consider using a WebSocket for sending HTTP request messages *within the > envelope* of a WebSocket message. > In this case, we would want to avoid proxies picking up the enveloped > payload by mistake and caching it, otherwise an attacker > could maliciously poison the cache of a proxy by sending HTTP content inside > WebSocket messaging to purposefully control proxy behavior. > > The masking prevents/makes this harder because the payload will no longer > look like HTTP and will be less likely to be misinterpreted by the proxy. > > One perhaps better alternative would have been to never mask, and mandate > that WSS be the default, and that no plain-text WebSockets would be allowed. > That way, we get "confusion" avoidance for intermediaries, but also get > confidentiality and non-repudiation security properties. > > > On Sun, Jan 27, 2013 at 5:26 PM, Brian McKelvey <theturtle32@gmail.com> > wrote: >> >> The purpose of the masking has nothing to do with preventing eavesdropping >> or interception. It's meant to prevent malicious javascript running in a >> web browser from connecting to arbitrary non-websocket services, or from >> tricking http-unaware proxies into doing the attacker's bidding, caching >> malicious data, etc. >> >> It's about preventing browsers from initiating attacks against >> unsuspecting services, not about preventing eavesdropping or securing the >> privacy of data in transit. The use of TLS with WebSockets is required for >> that. >> >> Brian >> >> Sent from my iPhone >> >> On Jan 27, 2013, at 3:58 PM, Denis McMahon >> <denis.m.f.mcmahon@googlemail.com> wrote: >> >> > The unpredictability of the masking key is essential to prevent authors >> > of malicious applications from selecting the bytes that appear on the >> > wire. >> > >> > From this statement, I assume that the purpose of masking is "to prevent >> > authors of malicious applications from selecting the bytes that appear >> > on the wire." >> > >> > -= However =- >> > >> > The masking key is transmitted as part of the packet, and appears as 4 >> > bytes ABCD. This is like sending data inside a locked casket for >> > security, WITH THE KEY SAFELY TIED TO THE CASKET! >> > >> > It follows from the protocol description that to detect any arbitrary >> > sequence of n bytes in length, it is merely necessary to determine the >> > four possible bit sequences that those bytes might represent, and >> > monitor for all four of those bit sequences. >> > >> > The masking sequence for any N bytes of data will be one of four >> > sequences, based on the mask bytes ABCD: >> > >> > 012345678.....n >> > ABCDABCDA...... >> > BCDABCDAB...... >> > CDABCDABC...... >> > DABCDABCD...... >> > >> > Given any sequence b1 ... bn which the attacker wishes to detect, the >> > attacker simply has to combine, for each frame, b1 ... bn with each of >> > the 4 possible sequences of n bytes in length of masking bytes, and >> > listen for all 4 sequences. Computationally this is a trivial exercise! >> > >> > This mechanism does nothing to significantly increase the difficulty of >> > a malicious application listening to the bytes on the wire with the >> > intention of detecting specific patterns. >> > >> > It would be much better if the protocol dropped the masking concept, >> > stated that it makes no attempt to protect data from eavesdropping or >> > interception, and made the recommendation that if data security is >> > desired, then appropriate transport layer security eg RFC 5246 TLS1.2 / >> > RFC 6101 SSL3.0 should be employed. >> > >> > Denis McMahon >> > >> > _______________________________________________ >> > hybi mailing list >> > hybi@ietf.org >> > https://www.ietf.org/mailman/listinfo/hybi >> _______________________________________________ >> hybi mailing list >> hybi@ietf.org >> https://www.ietf.org/mailman/listinfo/hybi > > > > > -- > Sincerely, > Steve Atkinson > Software Engineer >>|< Kaazing Corporation, CA USA >|< > > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- [hybi] RFC 6455 Client-Server Masking Denis McMahon
- Re: [hybi] RFC 6455 Client-Server Masking Brian McKelvey
- Re: [hybi] RFC 6455 Client-Server Masking Steven Atkinson
- Re: [hybi] RFC 6455 Client-Server Masking Martin Thomson
- Re: [hybi] RFC 6455 Client-Server Masking Bruce Atherton