Re: [RAI] [dispatch] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04

Ben Campbell <ben@nostrum.com> Wed, 29 January 2014 17:12 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: rai@ietfa.amsl.com
Delivered-To: rai@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C33391A047D; Wed, 29 Jan 2014 09:12:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.736
X-Spam-Level:
X-Spam-Status: No, score=-0.736 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AXU80ZwH6S1z; Wed, 29 Jan 2014 09:12:45 -0800 (PST)
Received: from shaman.nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id 915E01A03E9; Wed, 29 Jan 2014 09:12:45 -0800 (PST)
Received: from [10.0.1.29] (cpe-173-172-146-58.tx.res.rr.com [173.172.146.58]) (authenticated bits=0) by shaman.nostrum.com (8.14.3/8.14.3) with ESMTP id s0THCRQf005523 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 29 Jan 2014 11:12:28 -0600 (CST) (envelope-from ben@nostrum.com)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <CALiegf=mn1Lg6ihhf8hamn6rVpkLnF3ydGxm1tK1JaNMaioxoQ@mail.gmail.com>
Date: Wed, 29 Jan 2014 11:12:27 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <009E92F4-DCA2-40A4-8E7A-EF6EB1BB8C06@nostrum.com>
References: <45B84D8F-AD8C-4B28-90DF-9B1C40771104@nostrum.com> <6833E320-7B45-4FC2-853B-62311DCF7E7B@nostrum.com> <A25E55DD-59E3-4F43-BE9A-6304378FAE0B@cisco.com> <CALiegf=mn1Lg6ihhf8hamn6rVpkLnF3ydGxm1tK1JaNMaioxoQ@mail.gmail.com>
To: =?windows-1252?Q?I=F1aki_Baz_Castillo?= <ibc@aliax.net>
X-Mailer: Apple Mail (2.1827)
Received-SPF: pass (shaman.nostrum.com: 173.172.146.58 is authenticated by a trusted mechanism)
Cc: Cullen Jennings <fluffy@cisco.com>, "draft-pd-dispatch-msrp-websocket.all@tools.ietf.org" <draft-pd-dispatch-msrp-websocket.all@tools.ietf.org>, DISPATCH <dispatch@ietf.org>, "rai@ietf.org" <rai@ietf.org>
Subject: Re: [RAI] [dispatch] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04
X-BeenThere: rai@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Real-time Applications and Infrastructure \(RAI\)" <rai.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rai>, <mailto:rai-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rai/>
List-Post: <mailto:rai@ietf.org>
List-Help: <mailto:rai-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rai>, <mailto:rai-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2014 17:12:47 -0000

On Jan 29, 2014, at 10:42 AM, Iñaki Baz Castillo <ibc@aliax.net>; wrote:

> 2014-01-29 Cullen Jennings (fluffy) <fluffy@cisco.com>;:
>> I don’t see why using websockets would require us to get rid of the MUST use TLS.
>> 
>> The security of relays is a total disaster if you don’t have this so if the MUST be security authenticated goes away for relays, then I suspect this mechanisms is too broken to publish.
> 
> Neither I understand why the "MUST use TLS" should be dropped for MSRP
> over WebSocket. I cannot figure out any reasons for getting rid of
> that requirement. If it was valid and appropriate for MSRP over TCP
> then it should also be for MSRP over WebSocket.

The argument (I'm just relaying it, not making it) has been that Websocket implementations do not give the application that level of control over the security aspects of a connection. One could counter-argue that this means those implementations are not appropriate for MSRP (I'm on the fence on that one.)

Can the authors elaborate on the implementation issues? For example, do WebSocket implementations properly handle things like HTTPS URLs?


> 
> Just my opinion.
> 
> 
> -- 
> Iñaki Baz Castillo
> <ibc@aliax.net>;