Re: [hybi] IESG note?, was: Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 06 September 2011 21:04 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C86621F8DC8; Tue, 6 Sep 2011 14:04:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.149
X-Spam-Level:
X-Spam-Status: No, score=-106.149 tagged_above=-999 required=5 tests=[AWL=0.450, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0PkXgnWr03U; Tue, 6 Sep 2011 14:04:13 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 1C96121F8DA0; Tue, 6 Sep 2011 14:04:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id D747A15358D; Tue, 6 Sep 2011 22:05:51 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1315343151; bh=Lt7A3vyrb68iDL plb6q3fr43yzEVJB8pfoSObgzUHtg=; b=rxrtqxXm72K6iHs/oWj99zR4ziCWX5 PJP0rOikHCMOrNbIR/ERM+Dpno1pelAUdY93gVnD56c9qbouSE8Ck5Z8y2irgWk2 ElUm5kjOFfmN4ozeC1fc54BkJtrAOMpoRYaNlUdGLoj1iCQDPII3b2dhFrvDntXb kxEZtFN3LxaifGISF71f+LL0xSvOXZdYfaUzDwVXM10x5DWTaP774Mf4u92rJWCd Rn+G2had5wXDnr5QZs8dRX6ZyMTtPyUDNPruDDQzCEPYRgMrRaHdt+2SIyRJwF1d xoQwTqKDCYCdirDDmvbzpNhy4G+dfcocKF0gHssIfaFleztMXj/gqlpA==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id ldqennAxQwDi; Tue, 6 Sep 2011 22:05:51 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.46.17.34]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id A0FBD153585; Tue, 6 Sep 2011 22:05:48 +0100 (IST)
Message-ID: <4E668B2C.4050707@cs.tcd.ie>
Date: Tue, 06 Sep 2011 22:05:48 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
To: "Richard L. Barnes" <rbarnes@bbn.com>
Subject: Re: [hybi] IESG note?, was: Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard
References: <20110711140229.17432.23519.idtracker@ietfa.amsl.com> <5355F3EF-DD59-4D3C-9578-84043A3B8E90@gbiv.com> <4E620772.9090900@gmx.de> <4E6228F9.2030108@gmx.de> <20110903194323.GA19164@1wt.eu> <C673E88C-D969-427E-B032-8695C7952253@bbn.com>
In-Reply-To: <C673E88C-D969-427E-B032-8695C7952253@bbn.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Server-Initiated HTTP <hybi@ietf.org>, ietf@ietf.org, Julian Reschke <julian.reschke@gmx.de>, "Roy T. Fielding" <fielding@gbiv.com>, iesg@iesg.org, Willy Tarreau <w@1wt.eu>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2011 21:04:13 -0000

Hi Richard,

On 09/06/2011 06:57 PM, Richard L. Barnes wrote:
> IMO, this is a pretty strong argument against masking, given how low the observed rate of buggy intermediaries is (~0.0017%) and how high the observed rate of malware propagation is.


I'm not sure what you're comparing there. Can you elaborate?

In fact, I'm not sure I get the malware argument. Malware
authors are also free to obfuscate or mask their stuff,
when both sides of the conversation but not the intermediaries
are controlled as would be the case here. Or maybe I'm
missing something?

I personally think the masking thing is pretty ugly. But I
have to (reluctantly) admit I think it does what its
supposed to do. At this stage I think it comes down to
either doing the masking or not using port 80.

Ta,
S.