IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets

Carl Wallace <carl@redhoundsoftware.com> Tue, 29 May 2018 19:37 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E9BD12E8A9 for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 12:37:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RscGyubtkqXF for <secdir@ietfa.amsl.com>; Tue, 29 May 2018 12:37:09 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DDDD12E8C3 for <secdir@ietf.org>; Tue, 29 May 2018 12:37:08 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id g14-v6so191201qkm.6 for <secdir@ietf.org>; Tue, 29 May 2018 12:37:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=user-agent:date:subject:from:to:cc:message-id:thread-topic :references:in-reply-to:mime-version; bh=NZLNgfgkgaEM5GgYUpMc1SS9UHiMt8bS6qEh4RyjUA8=; b=KBwFvDHrtytjnCpz2GEhoC1jua2n85Z+ORX33RPLs22PXqBOaq1BWp7SJqVK7w6oq2 ncuB/hwVrq9WG/Q80pTxnJFc7GSPG2Te+na+f3PDP3jTZDppxioAWcEPdf0gI9T8zHyg 0p8k6cjRDH/f8LgfPmsv4A0/oTBdGLSxJtnPA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:cc:message-id :thread-topic:references:in-reply-to:mime-version; bh=NZLNgfgkgaEM5GgYUpMc1SS9UHiMt8bS6qEh4RyjUA8=; b=GNi0LjyLV+dqRyYMxdYkH6c5svKZZndACozicEgQqcpu+IPjFe60iJ8+eOmf7yl2EW 3t41SP4oqrNAnwRZ0+PxEpOXAyJh/BjxYZYrSoxyKeD7vSDVVnGi9Hk1sxC2uL2xYbnq Fc2BcKNbroq0CNLqxmPGxDE8hNmTyr98+4c6+Cu1ADMT7msSSag1leXeYMWQ3eNMkegU 8tiuyZEXgsDIWnAmNfaaZbdbX9M4UqTZ5+YqfL+D3ttP/0hEh91ZCYzG0zt53wbSh4p9 i38DO7E4RC2JMsDkJk64TiTCX7IxW8zGXcIXi4TTuWMZteKPn+W6SGStAocCFcPuLJAN iOoA==
X-Gm-Message-State: ALKqPwfEhNRnTUFOkzb2/rfAn7MIzrf3jILhQSGMw2QJ4awcd7nEBcIM ZcjiZ9OIFj9Ir0D/yFiEkJUaNw==
X-Google-Smtp-Source: ADUXVKLtPnPDIScSiqzhBUn2z3+YIEbfb899Jm4lTqw6JZJFpsjL6HBhKK9MTZwYLu7oGnlogmdMyg==
X-Received: by 2002:a37:d7c1:: with SMTP id t62-v6mr15680453qkt.123.1527622627745; Tue, 29 May 2018 12:37:07 -0700 (PDT)
Received: from [192.168.2.27] (pool-74-96-253-73.washdc.fios.verizon.net. [74.96.253.73]) by smtp.googlemail.com with ESMTPSA id l5-v6sm23681821qtp.25.2018.05.29.12.37.04 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 29 May 2018 12:37:07 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Tue, 29 May 2018 15:37:02 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Patrick McManus <pmcmanus@mozilla.com>
CC: draft-ietf-httpbis-h2-websockets.all@ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <D7332279.B8CA6%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-httpbis-h2-websockets
References: <D73306E9.B8C32%carl@redhoundsoftware.com> <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com>
In-Reply-To: <CAOdDvNpiYqG4zpMQgiB2MXjHbL0CTuP9NgXh3AVTkFxeFTCK6Q@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3610453025_11300491"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/8nnbllfuoK0MwXCuCX47UFzZWLA>
Subject: Re: [secdir] secdir review of draft-ietf-httpbis-h2-websockets
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 May 2018 19:37:13 -0000

Your reasoning makes sense but it requires an awfully careful reading to
counter the clarity of the prohibition on new pseudo-headers. Maybe an
errata could be filed against 7540 to clarify the "alter any aspect of this
protocol" where the prohibition  is asserted for the benefit of future
readers. For example, something like "Endpoints MUST NOT generate
pseudo-header fields other than those defined in this document, except where
support for additional pseudo-headers is negotiated as permitted in section
5.5" would help.

From:  Patrick McManus <pmcmanus@mozilla.com>
Date:  Tuesday, May 29, 2018 at 1:49 PM
To:  Carl Wallace <carl@redhoundsoftware.com>
Cc:  <draft-ietf-httpbis-h2-websockets.all@ietf.org>, <secdir@ietf.org>, The
IESG <iesg@ietf.org>
Subject:  Re: secdir review of draft-ietf-httpbis-h2-websockets

> Hey Carl, thanks for doing this
> 
> On Tue, May 29, 2018 at 1:32 PM, Carl Wallace <carl@redhoundsoftware.com>
> wrote:
>> 
>> The draft-ietf-httpbis-h2-websockets defines a new pseudo-header field in
>> section 4. Section 3 addresses extending HTTP/2 via a reference to section
>> 5.5 of RFC7540, but there was nothing in that section to relax the
>> prohibition on using pseudo-header fields not defined by 7540. Is a mod to
>> 7540 necessary to enable support for the mechanism in
>> draft-ietf-httpbis-h2-websockets?
>> 
> 
> imo no update to 7540 is needed. the wg also considered the question and had
> the same conclusion. I will highlight the reasoning:
> 
> 5.5 <https://tools.ietf.org/html/rfc7540#section-5.5> .  Extending HTTP/2
> 
> 
>    HTTP/2 permits extension of the protocol.  Within the limitations
>    described in this section, protocol extensions can be used to provide
>    additional services or alter any aspect of the protocol.  Extensions
>    are effective only within the scope of a single HTTP/2 connection.
> 
> note "alter any aspect of this protocol"
> [..]
> 
>    Extensions that could change the semantics of existing protocol
>    components MUST be negotiated before being used.
> This is one of the limitations mentioned above.. so the websockets extension
> needs to be negotiated (and it is).
> [..] For example, an
>    extension that changes the layout of the HEADERS frame cannot be used
>    until the peer has given a positive signal that this is acceptable.
>  In this case, it could also be necessary to coordinate when the
>    revised layout comes into effect.  Note that treating any frames
>    other than DATA frames as flow controlled is such a change in
>    semantics and can only be done through negotiation.
> These two examples are also powerful citations that negotiated extensions can
> change the interpretation of basic pieces of 7540 such as existing frame
> layouts and even flow control rules (both of which have MUSTs associated with
> them).
> 
> The whole section is a little bit confusing because it also enumerates a few
> extension points that the websockets draft is not using. But those are
> specifically enumerated because they can be used without negotiated opt-in and
> implementations not aware of the extensions need to take care to keep them
> clean and available for extending (so there are requirements even if you're
> not implementing the extension). As the example paragraph shows, extensions
> are not solely limited to that model.
> 
> Cheers
> -Patrick
> 
> 
>

v2.23.0 | Report a Bug | By Email