IETF Logo Mail Archive

Re: [hybi] Moving to a CONNECT-based handshake

"Pat McManus @Mozilla" <mcmanus@ducksong.com> Tue, 07 December 2010 00:39 UTC

Return-Path: <mcmanus@ducksong.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 47C5828C0D0 for <hybi@core3.amsl.com>; Mon, 6 Dec 2010 16:39:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dVvW4vIEsb6T for <hybi@core3.amsl.com>; Mon, 6 Dec 2010 16:38:57 -0800 (PST)
Received: from linode.ducksong.com (linode.ducksong.com [64.22.125.164]) by core3.amsl.com (Postfix) with ESMTP id D1DD73A68DC for <hybi@ietf.org>; Mon, 6 Dec 2010 16:38:56 -0800 (PST)
Received: by linode.ducksong.com (Postfix, from userid 1000) id 2EDF0101F5; Mon, 6 Dec 2010 19:40:19 -0500 (EST)
Received: from [192.168.16.226] (cpe-67-253-92-25.maine.res.rr.com [67.253.92.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by linode.ducksong.com (Postfix) with ESMTPSA id B7DDA10151 for <hybi@ietf.org>; Mon, 6 Dec 2010 19:40:15 -0500 (EST)
From: "Pat McManus @Mozilla" <mcmanus@ducksong.com>
To: hybi <hybi@ietf.org>
In-Reply-To: <EC93027F-395D-41F5-8771-CA9F8C816BE5@apple.com>
References: <op.vmzqkhszidj3kv@simon-pieterss-macbook.local> <EC93027F-395D-41F5-8771-CA9F8C816BE5@apple.com>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 06 Dec 2010 19:40:37 -0500
Message-ID: <1291682437.2315.1964.camel@ds9.ducksong.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3
Content-Transfer-Encoding: 7bit
Subject: Re: [hybi] Moving to a CONNECT-based handshake
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Dec 2010 00:39:00 -0000

> On Nov 30, 2010, at 7:56 AM, Simon Pieters wrote:
> > At Opera we do not plan to implement the new framing until the spec
> >uses a CONNECT-based handshake.

On Tue, 2010-11-30 at 10:24 -0800, Maciej Stachowiak @ Apple wrote:
> We would be hesitant to ship protocol updates that do not fix the
> handshake. Given the security issues identified by the paper from Adam
> and company, we would even consider disabling WebSocket entirely in 

To keep the group apprised of other deployments - the Firefox team is
concerned about the severe implications of a cache poisoning attack
against any of the possible drafts (-76 through -03). I want to publicly
thank Adam, Eric, and the rest of their team for doing the work to
generate a real Internet experiment on a reasonable scale. Such things
are very valuable contributions, even if they don't contain every detail
we might all like to see, are a lot of work, and are all together far
too rare.

Even though the experiment didn't illustrate an exploitable proxy with
any flavor of websocket framing included on the attack vector, given the
liberal parsing culture that surrounds HTTP it seems reasonable to
expect such an implementation may exist and we are uncomfortable
shipping code that could be used to exploit it.

Combining the impact of the risk with the fact that the protocol is
going to evolve and invalidate any shipped implementation anyhow, we
intend to disable by default our Websockets implementation for Firefox
4.0 via a new configuration item. Folks that want to use the -76
implementation to develop against the Javascript API will need to turn
that on explicitly.

I look forward to working with the working group to make a safe and
secure handshake and protocol. As events warrant we will update that old
-76 implementation to a forthcoming revision and re-enable it by default
in a follow-on release. The details of that are unknown right now and,
frankly, subject to the progress of the working group.

-Patrick

-- 
http://www.getfirefox.com/

v2.23.0 | Report a Bug | By Email