Re: WebSockets and masking

On Sat, May 20, 2023 at 12:47:53PM +0300, Ilari Liusvaara wrote:
> On Fri, May 19, 2023 at 11:07:16PM +0200, Dragana Damjanovic wrote:
> > Hi,
> > 
> > I wrote a draft that proposes adding an extension to WebSockets to
> > negotiate "no-masking". The extension should be used only if intermediaries
> > cannot see unencrypted traffic. In this case, the masking is not needed,
> > and omitting it would reduce needed processing. The proposal has some
> > problems, but I would like to hear the opinion of the group and if people
> > are interested in such a feature.
> I did write one application using websockets, with its own websockets
> code. It always sets masking key to all zeroes on client side, and on
> server side skips the unmasking if the key is zero.

IMHO this is a clever solution that lets each side optimize as it wants
or allow the other side to optimize, without requiring any negotiation
nor extension.

>   And requirement for E2E encrypted connection would be a severe
>   deployment problem. There are a LOT of reverse proxies out there,
>   mostly for good reasons.



Received on Saturday, 20 May 2023 12:15:43 UTC