:method | Re: WebSocket2

Kari Hurtta <hurtta-ietf@elmme-mailer.org> Tue, 04 October 2016 04:24 UTC

To: Van Catha <vans554@gmail.com>
Date: Tue, 04 Oct 2016 07:19:08 +0300
Sender: hurtta@siilo.fmi.fi
From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Ilari Liusvaara <ilariliusvaara@welho.com>, HTTP working group mailing list <ietf-http-wg@w3.org>

Van Catha <vans554@gmail.com>: (Mon Oct  3 19:39:34 2016)
> Amos Jeffries
> 
> > I believe the relevant expert(s) are reading this thread already.
> >
> > That is the more likely reason a negotiated extension is unlikely to
> > happen. If it is not needed at all, then it might be easier not to bother.
> 
> I was not aware using a custom method was allowed, if that is the case,
> CONNECT, UPGRADE, WS2, etc all work.

• Using CONNECT makes this

 ":scheme"    = "wss"  (or  "ws"  on forward proxy scenario )
 ":authority" = "foo.example"
 ":method"    = "CONNECT"
 ":path"      = "/bar"

RFC of Websocket2  updates RFC 7540 (HTTP/2)

This makes clear negation for WebSocket2

https://tools.ietf.org/html/rfc7540#section-8.3

|   o  The ":method" pseudo-header field is set to "CONNECT".
|
|   o  The ":scheme" and ":path" pseudo-header fields MUST be omitted.
|
|   o  The ":authority" pseudo-header field contains the host and port to
|      connect to (equivalent to the authority-form of the request-target
|      of CONNECT requests (see [RFC7230], Section 5.3)).
|
|   A CONNECT request that does not conform to these restrictions is
|   malformed (Section 8.1.2.6).
 
https://tools.ietf.org/html/rfc7540#section-8.1.2.6

|   Intermediaries that process HTTP requests or responses (i.e., any
|   intermediary not acting as a tunnel) MUST NOT forward a malformed
|   request or response.  Malformed requests or responses that are
|   detected MUST be treated as a stream error (Section 5.4.2) of type
|   PROTOCOL_ERROR.
|
|   For malformed requests, a server MAY send an HTTP response prior to
|   closing or resetting the stream.  Clients MUST NOT accept a malformed
|   response.  Note that these requirements are intended to protect
|   against several types of common attacks against HTTP; they are
|   deliberately strict because being permissive can expose
|   implementations to these vulnerabilities.


1) If origin server, forward proxy or reverse proxy
   supports HTTP/2 and pays attention and does not
   support WebSocket2, then it produces RST_STREAM 
   or GOAWAY frame with PROTOCOL_ERROR.

   RST_STREAM is cheap but GOAWAY is expensive.

2) If origin server notices ":method", but ignores
   ":scheme" and ":path", this produces 
   ":status" = "405"   (Method Not Allowed) most likely.

3) If reverse proxy for ":authority" notices ":method", 
   but ignores ":scheme" and ":path", then it perhaps just
   forwards request (maybe dropping ":scheme" and ":path")

4) If forward proxy configured on browser notices ":method", 
   but ignores ":scheme" and ":path", then it perhaps tries connect port
   443 of ":authority" or perhaps it notices that port is missing
   from ":authority".

• Using WS2 makes this

 ":scheme"    = "wss"  (or  "ws"  on forward proxy scenario )
 ":authority" = "foo.example"
 ":method"    = "WS2"
 ":path"      = "/bar"

RFC of Websocket2 registers new method. 

( http://www.iana.org/assignments/http-methods/http-methods.xhtml#methods )
( Registration Procedure(s): IETF Review
  RFCs (of IETF working group) and some other RFCs 
  fills that procedure. )

This is similar to the PRI method registration of
RFC 7540 (HTTP/2)

https://tools.ietf.org/html/rfc7540#section-11.6

|   Related information:  This method is never used by an actual client.
|      This method will appear to be used when an HTTP/1.1 server or
|      intermediary attempts to parse an HTTP/2 connection preface.

WS2 is not used as an actual HTTP method, but it is used in negotiation.

If origin server, forward proxy or reverse proxy does
not pay attention to ":scheme" and ":method", it 
probably assumes that DATA frames form HTTP request
and response body.

1) If origin server does not pay attention to ":scheme"
   it  produces ":status" = "405"  (Method Not Allowed) most likely.

2) If origin server notices that it does not support
   ":scheme" it can also produce ":status" = "501" (Not Implemented).

3) Reverse proxy for ":authority" probably forwards request
   but may assume that DATA frames form HTTP request
   and response body if it does not know about 
   RFC of Websocket2.

4) Forward proxy configured on browser probably
   notices that it does not support ":scheme"
   and returns ":status" = "501" (Not Implemented)
   (in case it does not support or know about
    RFC of Websocket2).

• Using UPGRADE is the same case as WS2

RFC of Websocket2 registers new method.

/ Kari Hurtta
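
Added example, not part of the original message: the RFC 7540 pseudo-header rules quoted above (sections 8.1.2.3, 8.1.2.6 and 8.3) applied to the two header sets from the message, showing why the CONNECT form is rejected as malformed while the WS2 form reaches method and scheme handling. The function names, the supported method and scheme lists, and the `checks_scheme` switch are assumptions made to model an endpoint without WebSocket2 support.

```python
# Added illustration; function names and the response model are assumptions.
REQUEST_PSEUDO = {":method", ":scheme", ":authority", ":path"}

# The two header sets from the message above.
CONNECT_SET = [(":scheme", "wss"), (":authority", "foo.example"),
               (":method", "CONNECT"), (":path", "/bar")]
WS2_SET = [(":scheme", "wss"), (":authority", "foo.example"),
           (":method", "WS2"), (":path", "/bar")]

def malformed_reason(headers):
    """Return why the request is malformed under RFC 7540, or None."""
    seen = {}
    for name, value in headers:
        if not name.startswith(":"):
            continue
        if name not in REQUEST_PSEUDO:
            return "undefined pseudo-header " + name
        if name in seen:
            return "duplicate " + name
        seen[name] = value
    method = seen.get(":method")
    if not method:
        return "missing :method"
    if method == "CONNECT":  # RFC 7540 section 8.3
        for forbidden in (":scheme", ":path"):
            if forbidden in seen:
                return "CONNECT with " + forbidden
        host, sep, port = seen.get(":authority", "").rpartition(":")
        if not (sep and host and port.isdigit()):
            return "CONNECT :authority lacks host:port"
        return None
    for required in (":scheme", ":path"):  # RFC 7540 section 8.1.2.3
        if not seen.get(required):
            return "missing " + required
    return None

def respond(headers, checks_scheme=True,
            methods=("GET", "HEAD", "POST", "CONNECT"),
            schemes=("http", "https")):
    """Model an HTTP/2 endpoint that has no WebSocket2 support."""
    if malformed_reason(headers):
        return ("RST_STREAM", "PROTOCOL_ERROR")  # section 8.1.2.6
    fields = dict(headers)
    if fields[":method"] == "CONNECT":
        return (":status", "200")  # well-formed tunnel request, accepted here
    if checks_scheme and fields[":scheme"] not in schemes:
        return (":status", "501")  # endpoint notices the unsupported scheme
    if fields[":method"] not in methods:
        return (":status", "405")  # endpoint looks at the method only
    return (":status", "200")
```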