Re: [apps-discuss] IETF technical plenary: the end of application protocols

Graham Klyne <> Tue, 22 March 2011 07:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E93E03A659C for <>; Tue, 22 Mar 2011 00:57:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Lv8duoEoxC2T for <>; Tue, 22 Mar 2011 00:57:13 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 2E2753A659A for <>; Tue, 22 Mar 2011 00:57:10 -0700 (PDT)
Received: from ([]) by with esmtp (Exim 4.74) (envelope-from <>) id 1Q1wU7-00010O-Gx; Tue, 22 Mar 2011 07:58:35 +0000
Received: from ([] helo=Eskarina.local) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <>) id 1Q1wU6-00059Y-9K; Tue, 22 Mar 2011 07:58:35 +0000
Message-ID: <>
Date: Tue, 22 Mar 2011 07:49:22 +0000
From: Graham Klyne <>
User-Agent: Thunderbird (Macintosh/20100228)
MIME-Version: 1.0
To: Pete Resnick <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Oxford-Username: zool0635
Cc:, Apps Discuss <>
Subject: Re: [apps-discuss] IETF technical plenary: the end of application protocols
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 22 Mar 2011 07:57:15 -0000


Notwithstanding my earlier comments in support of Web/HTTP for some 
applications, I have some sympathy for the sentiments you express here.   It 
does sometimes feel to me that there a technology "capture" taking place by some 
of the big web players (cf. HTML5), and also there's the whole net neutrality 
debate seems to be heating up (again?).

But at heart the web *should* be about decentralization, breaking the 
dependencies on single servers and services, enabling developers to develop 
innovative new applications based on web data.  The web architecture principles 
build on the end-to-end Internet philosophy, and explicitly try to avoid adding 
new control points.  I would say that "big players ... pushing as much as they 
can into servers so that they can control both the data and the user experience" 
is something the web makes possible in some cases by virtue of its lack of 
central coordination.

There are many developers in the web community who are creating innovative 
applications that fit in and around the offerings of the big players.  For just 
one example that happens to spring to mind, see

The Web is harmed as much by the lack of end-to-end connectivity as any other 
application.  And, yes, I think that HyBi has degenerated into a rather 
unproductive bun-fight, possibly by trying to do too much rather than figuring a 
minimum set of requirements that could unlock a range of new capabilities 
*within* the established web framework.  And yes, the Web isn't right for every 
application (email being a case in point).  But I claim that there are very many 
applications that *can* sit comfortably within the web framework if the design 
is approached in a conforming way.  (And that a lot of design choices in 
application design may be quite arbitrary, and constraining some of those 
choices doesn't greatly limit the range of useful applications that can be created.)

So, while I agree with your exhortation to restore end-to-end connectivity to 
the Internet, I don't think that the Web itself is truly the great bete noir in 
this (other than, by virtue of its widespread use, exacerbating and accelerating 
the depletion of endpoint addresses).

Don't throw out the baby with the bathwater!


FWIW, I can think of two simple (to describe) capabilities that would help to 
make the web more widely usable as a application platform:

(a) a *simple* mechanism for pushing asynchronous notifications to a web 
application (browser-based or otherwise).  I had early hopes for HyBi, but have 
somewhat given up.

(b) a well-founded security model to permit controlled relaxation of the 
same-origin restrictions on web applications in browsers.  Many of the current 
proposals I'm aware of seem to lack a coherent security analysis (though, when I 
last looked, HTML5 may be an exception in this regard).  I think this could make 
it easier to separate data storage from applications, opening the way to give 
users back control of their data.

Pete Resnick wrote:
> On 3/21/11 9:31 AM, Dave CROCKER wrote:
>> Folks,
>> I just saw the announcement for the Technical Plenary presentation.
> I sent this to the IAB a few weeks ago. We haven't had much conversation 
> (they responded, but the firehose of stuff before the IETF meeting kept 
> me from replying until recently), but I thought you all would be amused.
> -------- Original Message --------
> Message-ID: <>
> Date: Tue, 8 Mar 2011 16:53:21 -0600
> From: Pete Resnick <>
> To: <>
> Subject: IAB Technical Session
> CC: "'The IESG'" <>
> [Feel free to forward this as you see fit.]
> Dear IAB,
> You will probably find it unsurprising that I find the abstract of the 
> technical session at the IAB plenary to be completely unadulterated 
> rubbish. It is by no means the "advancement in the design of web 
> browsers" nor the "widespread availability and growing sophistication of 
> JavaScript interpreters in browsers" that has changed the architecture 
> of applications. Quite the contrary, it is the forcing of a particular 
> application paradigm, that of requiring all applications to be 
> client-server based with all intelligence based in the server, that has 
> in turn forced Javascript sophistication to increase to accommodate 
> complex application logic inside the browser. (Indeed, it is this force 
> that has led to HyBi, the abomination whereby browser-based 
> applications, instead of being able to simply open a TCP connection, are 
> forced to go through an HTTP tunnel to the web server in order to get 
> any kind of network connectivity.) Protocols like POP and IMAP are not 
> being subsumed into these systems. Rather, the semantics of these 
> protocols are being dumbed down, eliminating functionality, in order to 
> allow them to fit into the new constrained environment.
> There are two obvious drivers of this evolution: First and foremost is 
> the continuing lack of end-to-end connectivity in the network. This is 
> due to the presence of NATs and assorted firewall nonsense that makes 
> non-tunneled applications harder and harder to deploy. But the second 
> driving force is the more insidious one: economics. The economics of the 
> Internet are currently being driven by big players consolidating the 
> network, pushing as much as they can into servers so that they can 
> control both the data and the user experience for applications on the 
> Internet. This of course is not in the interest of end users, except 
> insofar as the "big players" are end users with large economic 
> interests. The more centralized the data becomes, the more dependent 
> users are on the "big players", the less innovation in applications can 
> take place, and the less stable the Internet is as a whole.
> This is not a state of affairs in which we need to "identify areas where 
> the standardization is unlikely to be relevant in the future, and focus 
> our efforts on those areas where our application designs will remain 
> impactful." Rather, we need to do what we can with tools we are 
> currently developing (the deployment of IPv6, the use of MPTCP and other 
> protocols which allow us to route around the damage to the end-to-end 
> model) to combat this model and have the Internet remain a distributed 
> end-to-end network.
> Back to La Mancha. I've been noticing these windmills....
> pr