Re: [hybi] Masked framing VS mask in frame
"Pat McManus @Mozilla" <mcmanus@ducksong.com> Tue, 01 March 2011 14:37 UTC
On Tue, 2011-03-01 at 15:42 +1100, Greg Wilkins wrote:
> However, I do not think
> they have well communicated the technical case against it.

* The mask increases the security properties of the protocol by making it safe for transmission across transparent http proxies with certain classes of bugs. This is true for both server (i.e. attacker) provided data as well as more generally true for other data sources that should be masked for transport across legacy http. The hybi archives might qualify as such a data source.

* The mask is incredibly cheap to implement. You can do XOR at the rate of your memory bandwidth. The benefit to "optimizing it away" is at best marginal even in high bandwidth scenarios.

* Transparent and silent proxies are infrastructure elements and their presence is not always known to clients at extension negotiation time. Even clients such as websocket intermediaries may not be aware of them, or they may come and go as routing schemes change.

--> Consistent application of masking makes websockets a generally more robust protocol at an insignificant cost. Creating a path for the defense to be disabled is penny wise pound foolish.
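The masking argument above, as an added example that is not part of the original message: it compares what a pattern-matching intermediary sees on the wire with and without the XOR mask. It assumes the 4-byte cycling XOR key later standardized in RFC 6455; the sample payload, the token list and all function names are constructed for illustration.

```python
import os

# Constructed sample: server-supplied data that happens to look like an HTTP request.
SAMPLE = b"GET /app.js HTTP/1.1\r\nHost: example.test\r\n\r\n"

# Byte patterns a hypothetical buggy transparent proxy might match on the raw stream.
HTTP_TOKENS = (b"GET ", b"POST ", b"HTTP/1.", b"Host:")


def mask(payload: bytes, key: bytes) -> bytes:
    """XOR payload byte i with key[i % 4]. The same call unmasks."""
    if len(key) != 4:
        raise ValueError("masking key must be exactly 4 bytes")
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def looks_like_http(wire: bytes) -> bool:
    """Stand-in for the proxy bug: treat any stream containing an HTTP token as HTTP."""
    return any(tok in wire for tok in HTTP_TOKENS)


def compare(payload: bytes, key: bytes) -> dict:
    """Report what the proxy stand-in sees with and without masking."""
    wire = mask(payload, key)
    return {
        "plain_flagged": looks_like_http(payload),
        "masked_flagged": looks_like_http(wire),
        "round_trip_ok": mask(wire, key) == payload,
    }


if __name__ == "__main__":
    # Fresh unpredictable key per frame: whoever supplies the payload cannot
    # choose the bytes that end up on the wire.
    print(compare(SAMPLE, os.urandom(4)))
    # All-zero key is the same as masking disabled: the tokens pass through intact.
    print(compare(SAMPLE, bytes(4)))
```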