Re: [TLS] Request for review: Next Protocol Negotiation Extension
Michael D'Errico <mike-list@pobox.com> Tue, 17 August 2010 23:30 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E36903A684C for <tls@core3.amsl.com>; Tue, 17 Aug 2010 16:30:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fItTAYafOjtV for <tls@core3.amsl.com>; Tue, 17 Aug 2010 16:30:20 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id 611803A6765 for <tls@ietf.org>; Tue, 17 Aug 2010 16:30:19 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id BB0CFCE82B for <tls@ietf.org>; Tue, 17 Aug 2010 19:30:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=b0tqRgfe59BG gJK3kk9+6v5rZcQ=; b=hkS0nLSx479NGMpR/kMNPO/LVSo6UlBeETREA5SgGkYo iV7UyvpFmbBwUoQ3jEkBTiqd7u+htmMZQoaYHAE1YoAfHzpcOL8qufZQh+ZM6XHj +T1UI339Pclh9BiHWKxA8kG3Scgm5LqJx2AHHoz/mlPcttZvJqiRuWkZNeLd4t0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=QL3PGe 0zCWegjRgPtFENRZw/e1e/PEbF1nEXThf5bVWvkBmnety3glu9nuJg53RyzWNA6g ftqD9dOj2VWGH0cgBqFPb9TYYf0MHoyyKTZdGciDSJ/4SFTJ7j1SW4whFXCBrGxB lnKrunaRTvQmjvUlHNibMZM8QdAVNJDFyA5rU=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 7CE08CE82A for <tls@ietf.org>; Tue, 17 Aug 2010 19:30:51 -0400 (EDT)
Received: from iMac.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 04677CE828 for <tls@ietf.org>; Tue, 17 Aug 2010 19:30:50 -0400 (EDT)
Message-ID: <4C6B1BAA.5060303@pobox.com>
Date: Tue, 17 Aug 2010 16:30:50 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: tls@ietf.org
References: <AANLkTi=5H_0hGzxMmfNU0hLS=5psW6J3c2to756OT--7@mail.gmail.com> <4C69938A.9080808@gnutls.org> <AANLkTin3eQHNJPuVuVw09FbPUF4RBk7n9RFbc7EaFbM+@mail.gmail.com> <AANLkTi=dfCZNndm678OFkCZdzRhzfmRvBmZVLUD5-ueF@mail.gmail.com> <4C6AB936.1070801@extendedsubset.com> <AANLkTimgjqQMdwqL_xZXGSG5hSMLqDtYH62t698e_hx9@mail.gmail.com> <4C6AD7EA.4040307@extendedsubset.com> <000401cb3e4f$456f6d60$d04e4820$@briansmith.org>
In-Reply-To: <000401cb3e4f$456f6d60$d04e4820$@briansmith.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 7916D206-AA57-11DF-A2FC-9056EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Subject: Re: [TLS] Request for review: Next Protocol Negotiation Extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Aug 2010 23:30:22 -0000
Last night at about midnight I awoke with a revelation
that this whole WebSockets protocol could be a hoax.
But assuming that it is real, here are some things that
concern me:
- You have managed to take a binary-capable
transport (HTTP) and turn it into a text-only
non-binary capable transport.
- The "framing" used to delineate messages sent
over the protocol is sentinel-based similar to
the C programming language string handling that
uses NULL, but WebSockets uses 0xFF since it is
invalid in UTF-8. That means both the sender
and receiver need to scan every byte of every
message for the sentinel, which takes time and
therefore increases latency.
- Any text data that is in a different character
set (e.g. ISO-8859-1) has to be converted to
UTF-8 in order to be sent which adds latency to
the protocol.
- Am I missing something, or why didn't you use
the "chunked" transfer coding of HTTP? It gives
you binary transfer (and therefore you can send
UTF-8 over it too) and eliminates the need to
inspect every byte sent and received. If just
the length was not enough for your framing needs,
I'll point out that you can add chunk extensions
and even send headers after the last chunk, all
without changing HTTP.
- The sentinel-based framing is a problem because
it can be trivially broken by sending FF 00 and
then any payload you want. (This is why the
sender also needs to scan all outbound traffic).
Collectively you are trying to "fix" TLS to solve your
latency problems, but as noted above you have some
things you can do to improve your own protocol first.
As they say, "get your own house in order." Apologies
if that sounds harsh.
Mike
P.S. I hope that this is not the network protocol
version of getting rickrolled.
- [TLS] Request for review: Next Protocol Negotiati… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Eric Rescorla
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Peter Sylvester
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Nikos Mavrogiannopoulos
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Martin Rex
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Steingruebl, Andy
- Re: [TLS] Request for review: Next Protocol Negot… Eric Rescorla
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Geoffrey Keating
- Re: [TLS] Request for review: Next Protocol Negot… Martin Rex
- Re: [TLS] Request for review: Next Protocol Negot… Nikos Mavrogiannopoulos
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Juho Vähä-Herttua
- Re: [TLS] Request for review: Next Protocol Negot… Brian Smith
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Adam Langley
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Nathaniel W Filardo
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Adam Barth
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Nathaniel W Filardo
- Re: [TLS] Request for review: Next Protocol Negot… Martin Rex
- Re: [TLS] Request for review: Next Protocol Negot… Peter Gutmann
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Martin Rex
- Re: [TLS] Request for review: Next Protocol Negot… Marsh Ray
- Re: [TLS] Request for review: Next Protocol Negot… Michael D'Errico