[hybi] Connection-level extensions
Bjoern Hoehrmann <derhoermi@gmx.net> Tue, 05 April 2011 22:49 UTC
Hi,

I gather from the threads on how masking makes the deflate-stream extension perform much worse that the extension is essentially a deflate-tunnel that wraps around the Websocket frames. I am not sure people are aware this kind of extension is even possible and there are problems with them, for instance, the current draft does not really mention this as a possibility and you can't write intermediaries that need to understand parts of the protocol without having to upgrade them for each new extension.

For `deflate-stream` in particular it's not even very useful to work in this manner due to masking, and since masking does not actually randomize the content that is sent, it would also seem to defeat masking. Deflation compresses by replacing repeated sequences with references, and the chosen masking scheme allows attackers to produce repeated sequences so it may be quite possible to generate messages deflation turns into a desired sequence of bytes, if the deflate implementation is predictable.

It seems odd to me that everybody is okay with having connection-level extensions at all, and having the `deflate-stream` extension designed in this manner in particular. In any case, this should be mentioned prominently in the specification.

regards,
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
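
The following is an added example, not part of the original message or of any hybi draft: it checks the claim that masking leaves repetition intact for a deflater that runs over the masked frames. It assumes the 4-byte repeating XOR key as later specified in RFC 6455; the function names and sample payloads are constructed for illustration.

```python
import os
import zlib


def mask(payload: bytes, key: bytes) -> bytes:
    """XOR every payload byte with key[i % 4] (assumed RFC 6455 style masking)."""
    if len(key) != 4:
        raise ValueError("masking key must be 4 bytes")
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE stream without zlib header, as a deflate tunnel would emit."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def is_periodic(data: bytes, period: int) -> bool:
    """True if data repeats with the given period over its whole length."""
    return all(data[i] == data[i - period] for i in range(period, len(data)))


def compare(key: bytes) -> dict:
    """Mask a repetitive and a random payload, then deflate the masked bytes."""
    # Constructed sample payloads, 4096 bytes each.
    periodic = b"ABCDEFGH" * 512      # period 8, a multiple of the key length
    random_like = os.urandom(4096)    # baseline with no structure to find
    m_periodic = mask(periodic, key)
    m_random = mask(random_like, key)
    return {
        "masked_differs": m_periodic != periodic,
        "still_periodic": is_periodic(m_periodic, 8),
        "periodic_deflated": len(raw_deflate(m_periodic)),
        "random_deflated": len(raw_deflate(m_random)),
    }


if __name__ == "__main__":
    # A fresh random key per run: the bytes change, the repetition does not.
    for name, value in compare(os.urandom(4)).items():
        print(f"{name}: {value}")
```

Because the key repeats every 4 bytes, any payload whose period is a multiple of 4 stays periodic after masking whatever the key is, so the deflater still collapses it into back-references.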