[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hybi] Redesigning the Web Socket handshake

From: Justin Erenkrantz <justin at erenkrantz.com>
To: Maciej Stachowiak <mjs at apple.com>
Cc: hybi at ietf.org
Date: Tue, 2 Feb 2010 22:37:48 -0800
In-reply-to: <9A862D96-FD32-4532-BDBE-AAC5C82DB954 at apple.com>
References: <Pine.LNX.4.64.1002012305000.21600 at ps20323.dreamhostps.com> <4B676E8C.70804 at webtide.com> <Pine.LNX.4.64.1002020311030.3846 at ps20323.dreamhostps.com> <4B679E2C.2080502 at webtide.com> <FD440FEA-9F53-4F4C-8AA5-98B23318F0F7 at apple.com> <5c902b9e1002021431w25768b2eu4e21244f080bed25 at mail.gmail.com> <9A862D96-FD32-4532-BDBE-AAC5C82DB954 at apple.com>

On Tue, Feb 2, 2010 at 9:22 PM, Maciej Stachowiak <mjs at apple.com> wrote:
> Let me start by laying out the security risks in the current handshake. Then I will explain my proposed change and how I believe it addresses them.

Thanks!  For the security stuff, I think it's best if I ponder that
for a few days to see if I can grok where the risks are.  In the
meantime, there is one point that I'd like to ask clarification on:

> To give a concrete example, consider a chat service over WebSocket. Let's say it doesn't check correctness of the handshake, and does authentication in-band. An attacker could construct an HTTP POST body which would look like an authentication message plus a couple of submitted sent messages. True, the attacker cannot read the victim's chat messages, but could send chat messages as the victim. Clearly this would be a significant security breach.

I am trying to understand how a properly implemented WS or HTTP server
would fall into this trap.  For httpd, this would not be feasible -
the code that parses request bodies isn't the same that handles the
protocol.  I'm trying to think of any real server implementations that
would attempt to process an HTTP body that also includes "fake"
requests (but in a different protocol).  Maybe there's a bit of
crafting that I'm just not seeing...

> We could mitigate both of these risks, and also reduce the implementation difficulty for servers and proxies, by changing the handshake. We would remove the requirement for newlines or exact capitalization of the headers. Instead, we could have the browser generate a unique random nonce, which it includes in the handshake request. The server would be required to read it, and respond with a hash of the nonce value.

While I'm not 100% sold on the security rationale for nonce yet (still
pondering it), at the least, the nonce is pretty straightforward to
implement - so, I could certainly be willing to admit I have a blind
spot there and go with the nonce if it means I can implement this in
httpd in an otherwise-straightforward manner.

Thanks again.  -- justin

Follow-Ups:
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Maciej Stachowiak

References:
- [hybi] Redesigning the Web Socket handshake
  - From: Ian Hickson
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Greg Wilkins
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Ian Hickson
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Greg Wilkins
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Maciej Stachowiak
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Justin Erenkrantz
- Re: [hybi] Redesigning the Web Socket handshake
  - From: Maciej Stachowiak

Prev by Date: Re: [hybi] Redesigning the Web Socket handshake
Next by Date: Re: [hybi] Web sockets and existing HTTP stacks
Previous by thread: Re: [hybi] Redesigning the Web Socket handshake
Next by thread: Re: [hybi] Redesigning the Web Socket handshake
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.