We design a cryptographic protocol to setup Secure Websocket(alias SWS) over plain HTTP site between http client and http server, which includes Nacl-based Certificates Exchanges and Crypto-Keys Distribution.
How is that different from any other crypto-in-js? In other words, Alice goes to Bob's server, Mallory serves a MITMd initial page w/o encryption (or worse, with the cipher suite replaced for a weak one) to Alice, and nobody is any wiser.
Cute, but impractical - makes too many assumptions, especially "yeah, let's ultimately trust the initial page load, what's the worst that could happen". You could load the initial page over HTTPS, but now you have two crypto stacks to worry about.
In absence of answer, I assume this means "we'll just sprinkle it with magical crypto pixie dust, abracadabra, Perfect Security!" In other words, cargo-cult security :(
I don't get the threat model. You're trying to protect the websocket against possible mitm, but you're doing it using client script downloaded without security over a similar route that you have to also assume is mitm'ed. So basically all the attacker need to do is replace your script with some alternative copy that either exposes the keys or mirrors the whole steam to the attacker endpoint.
7 comments
[ 2.8 ms ] story [ 30.1 ms ] threadCute, but impractical - makes too many assumptions, especially "yeah, let's ultimately trust the initial page load, what's the worst that could happen". You could load the initial page over HTTPS, but now you have two crypto stacks to worry about.
Am I missing anything?