- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 7 Jul 2008 12:11:28 +0000 (UTC)
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: "public-html@w3.org" <public-html@w3.org>
On Mon, 7 Jul 2008, Julian Reschke wrote:
>
> "The requirement that the handshake not be one that an existing server
> can be tricked into sending".

One of the key aspects of this feature is that it not be abusable in the sense of a hostile site connecting from the user's machine to services on the internet or intranet that are not expecting machines under the control of the author to connect to them. For example, if a connection could be made from a Web page to an SMTP server, then a hostile author could use this API to send spam. Similarly, if a connection could be made to an HTTP server behind a firewall, then a hostile author could obtain confidential data. Or a hostile author could connect to an IRC server and cause the user's machine to act as an IRC bot. And so on.

The goal of the handshake is to make this impossible, by dropping the connection if the remote host doesn't show a willingness to take part in the Web Socket protocol, and a willingness to communicate with the page in question, based on its origin (in the HTML5 sense).

> > > > > > > Also, did you consider the impact of intermediates in the
> > > > > > > request path?
> > > > > >
> > > > > > You mean, like proxies? Sure, the spec defines how to handle
> > > > > > those.
> > > > >
> > > > > What if they somehow modify the reason phrase? It would be
> > > > > outside the control of the server, and communication would
> > > > > break.
> > > >
> > > > Any proxy that did that would be deeply violating HTTP rules and
> > > > would also be breaking TLS tunnels.
> > >
> > > Which HTTP rule would be violated by a proxy rewriting the reason
> > > phrase?
> >
> > Wouldn't it be a violation of CONNECT semantics?
>
> I didn't talk about CONNECT.

I encourage you to read the specification you are commenting on, in particular section 7.3.4.1.1. Handshake, step 8.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 7 July 2008 12:12:07 UTC
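The client-side check the message describes, as an added example that is not part of the original post or of the specification text: the connection is kept only if the remote host answers with a Web Socket handshake addressed to this page's origin, so an SMTP banner, an ordinary HTTP reply, or a server echoing some other origin all cause a drop. The exact status line and the WebSocket-Origin / WebSocket-Location header names are assumed here from the 2008-era draft, and the sample responses are constructed.

```python
# Added example, not code from the original message or the spec.
# Status line and header names are assumptions based on the 2008-era draft.
EXPECTED_STATUS = "HTTP/1.1 101 Web Socket Protocol Handshake"


def parse_handshake_response(raw: bytes):
    """Split a raw server response into (status line, header dict).

    Returns None if the bytes are not even a plausible text protocol reply.
    """
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, _, _body = text.partition("\r\n\r\n")
    lines = [line for line in head.split("\r\n") if line]
    if not lines:
        return None
    status, fields = lines[0], {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:               # a header line without ':' is not HTTP-shaped
            return None
        fields[name.strip().lower()] = value.strip()
    return status, fields


def server_accepts_page(raw: bytes, origin: str, location: str) -> bool:
    """True only if the reply proves the host speaks the protocol AND wants this page."""
    parsed = parse_handshake_response(raw)
    if parsed is None:
        return False
    status, fields = parsed
    if status != EXPECTED_STATUS:                       # exact-match status check
        return False
    if fields.get("upgrade", "").lower() != "websocket":
        return False
    if fields.get("connection", "").lower() != "upgrade":
        return False
    # Willingness to talk to *this* page: the server must echo our origin and URL.
    return (fields.get("websocket-origin") == origin
            and fields.get("websocket-location") == location)


# Constructed sample responses (not captured traffic).
GOOD = (b"HTTP/1.1 101 Web Socket Protocol Handshake\r\nUpgrade: WebSocket\r\n"
        b"Connection: Upgrade\r\nWebSocket-Origin: http://example.com\r\n"
        b"WebSocket-Location: ws://example.com/demo\r\n\r\n")
SMTP_BANNER = b"220 mail.example.com ESMTP ready\r\n"
PLAIN_HTTP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
WRONG_ORIGIN = GOOD.replace(b"http://example.com", b"http://other.example")
```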