- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 26 Oct 2005 18:17:54 +0000 (UTC)
On Mon, 17 Oct 2005, Ted Goddard wrote:
>
> Rather than invent another protocol, this seems like an
> excellent application for BEEP:
>
> http://www.ietf.org/rfc/rfc3080.txt

Good lord, that protocol is FAR more complicated than it needs to be. And it doesn't address several of the security issues that are critical here, such as severely limiting what the initial packets can contain, and ensuring that the remote host is expecting a connection initiated by a Web page of the specified domain.

> Restricting connections to the originating host only has shown
> to be fairly effective so far, and it's quite easy to see how
> allowing arbitrary connections (no matter what port they are on)
> could be used to stage attacks on remote servers. Are connections
> to arbitrary hosts worth the risk?

With the protocol as currently designed, connections can only be established to hosts that are expecting connections from the page's domain, which massively minimises the risk. (At the moment, it isn't possible to connect to remote hosts from other domains anyway, but I imagine we'll relax this in due course.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 26 October 2005 11:17:54 UTC