Re: [hybi] Fwd: New Version Notification for draft-mcmanus-httpbis-h2-websockets-01.txt

Andy Green <> Thu, 26 October 2017 23:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4F39D13B472 for <>; Thu, 26 Oct 2017 16:41:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FqqtznM5zLtN for <>; Thu, 26 Oct 2017 16:41:25 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6557C1389AC for <>; Thu, 26 Oct 2017 16:41:25 -0700 (PDT)
To: John Fallows <>, Patrick McManus <>
Cc: hybi <>, HTTP Working Group <>
References: <> <> <>
From: Andy Green <>
Message-ID: <>
Date: Fri, 27 Oct 2017 07:40:36 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [hybi] Fwd: New Version Notification for draft-mcmanus-httpbis-h2-websockets-01.txt
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Server-Initiated HTTP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Oct 2017 23:41:27 -0000

On 10/27/2017 05:47 AM, John Fallows wrote:

> The current proposal for WebSocket over HTTP/2 seems to be following a 
> similar approach to that described above at the moment, with the HEADERS 
> frame (requiring special-case processing of CONNECT) and first DATA 
> frame both needed to process the server-side WebSocket handshake over 
> HTTP/2.
> Suggest we instead fold the origin and relevant RFC-6455 defined HTTP 
> headers into the HEADERS frame for simplicity, recognizing as Mark noted 

While I think the first draft, second draft or this suggestion are 
already good enough and get the result of eliminating the tcp + tls 
setup for ws needed today, I also thought that was what was going to 
happen in the second draft.

> that CONNECT is not really intended for use directly at the origin 
> server, and instead use a TUNNEL method with corresponding :protocol 
> pseudo-header, where the value of the TUNNEL :protocol pseudo-header 
> drives the expectation of additional HTTP/2 headers that should be present.
> [[ From Client ]]                        [[ From Server ]]
>                                              SETTINGS
>                                              ENABLE_TUNNEL_PROTOCOL = 1
>     :method = TUNNEL
>     :protocol = websocket
>     :scheme = https
>     :path = /chat
>     :authority = <>
>     origin =
> sec-websocket-protocol = chat, superchat
> sec-websocket-version = 13
>                                              HEADERS + END_HEADERS
>                                              :status = 200
> sec-websocket-protocol = chat
>     DATA
>     WebSocket Frames
>                                              DATA + END_STREAM
>                                              WebSocket Frames
>     WebSocket Frames
> Note also that the scheme is "https" rather than "wss" because the HTTP 
> request is still "https" until *after* the TUNNEL has been established, 
> and the TUNNEL protocol being selected is based on :protocolheader 
> rather than the :schemeheader.
> Hope this is helpful and interested to hear your thoughts and feedback.

This is also simpler for me in two ways, a) headers remain headers and 
b) we don't need a new state machine to parse the DATA before it becomes 
ws traffic... DATA is only used to carry the tunnelled traffic which is 
better.  If you use a funky :method + :protocol or similar if a new 
pseudoheader makes trouble, no need for a DATA probe to upset things 
that don't understand.  Things that didn't understand and think they are 
getting a normal h2 stream will either kill the stream on the, to them, 
illegal method, or if not will kill the stream on the first DATA anyway 
because -->

The spec still needs to touch on the changes it is making to h2 DATA 
frames, it assumes it is inheriting generic bidirectional transport from 
h2, but it isn't.  H2 DATA kills the stream if it comes outside of 
whatever was told for content-length: on both sides, and eg h2spec 
requires you to enforce that.  So the spec requires changes in DATA 
handling implementation for upgraded streams and should note it.

It should probably note there is no relationship between H2 DATA frames 
and the tunneled content, and that the DATA frames may be refragmented. 
It wouldn't hurt to notice that WINDOW_UPDATE is still required / applies.