RFC Errata
RFC 6455, "The WebSocket Protocol", December 2011
Note: This RFC has been updated by RFC 7936, RFC 8307, RFC 8441
Source of RFC: hybi (app)
Errata ID: 3215
Status: Rejected
Type: Technical
Publication Format(s): TEXT
Reported By: Jesse Katzman
Date Reported: 2012-05-06
Rejected by: Barry Leiba
Date Rejected: 2012-05-06
Section 5.3 says:
The unpredictability of the masking key is essential to prevent authors of malicious applications from selecting the bytes that appear on the wire.
Notes:
I don't see how the client-to-server masking prevents "authors of malicious applications from selecting the bytes that appear on the wire".
Maliciously changing the contents of a message simply requires a few more steps than it would without masking, as far as I can tell.
I'm quite new at networking, so perhaps I'm missing something. Thank you.
--VERIFIER NOTES--
Not appropriate for errata; please take your input to the HyBi working group as it continues its efforts.