Re: [hybi] IESG note?, was: Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 06, 2011 at 10:05:48PM +0100, Stephen Farrell wrote:
> 
> Hi Richard,
> 
> On 09/06/2011 06:57 PM, Richard L. Barnes wrote:
> >IMO, this is a pretty strong argument against masking, given how low the 
> >observed rate of buggy intermediaries is (~0.0017%) and how high the 
> >observed rate of malware propagation is.
> 
> 
> I'm not sure what you're comparing there. Can you elaborate?
> 
> In fact, I'm not sure I get the malware argument. Malware
> authors are also free to obfuscate or mask their stuff,
> when both sides of the conversation but not the intermediaries
> are controlled as would be the case here. Or maybe I'm
> missing something?

No you're not missing anything, some malware even communicate
via micro-messaging such as twitter nowadays, this is plain
valid HTTP !

> I personally think the masking thing is pretty ugly. But I
> have to (reluctantly) admit I think it does what its
> supposed to do. At this stage I think it comes down to
> either doing the masking or not using port 80.

Indeed. Also the masking is optional in the protocol but defined
as mandatory in clients. So some special applications might very
well not implement it at all and some day it's very likely that
we'll get rid of it by default, just like the web doesn't work
well if you omit to post a Host header today.

Regards,
Willy

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]