Re: [hybi] Fwd: [apps-discuss] Review of draft-ietf-hybi-thewebsocketprotocol for apps-review

Iñaki Baz Castillo <ibc@aliax.net> Thu, 21 July 2011 13:00 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4583321F8B19 for <hybi@ietfa.amsl.com>; Thu, 21 Jul 2011 06:00:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.668
X-Spam-Level:
X-Spam-Status: No, score=-2.668 tagged_above=-999 required=5 tests=[AWL=0.009, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ok+dAHTskIxq for <hybi@ietfa.amsl.com>; Thu, 21 Jul 2011 06:00:01 -0700 (PDT)
Received: from mail-qy0-f172.google.com (mail-qy0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 1783E21F8B24 for <hybi@ietf.org>; Thu, 21 Jul 2011 06:00:00 -0700 (PDT)
Received: by qyk9 with SMTP id 9so4223499qyk.10 for <hybi@ietf.org>; Thu, 21 Jul 2011 06:00:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.66.222 with SMTP id o30mr178292qci.189.1311253200339; Thu, 21 Jul 2011 06:00:00 -0700 (PDT)
Received: by 10.229.185.195 with HTTP; Thu, 21 Jul 2011 06:00:00 -0700 (PDT)
In-Reply-To: <4E281977.8090103@stpeter.im>
References: <4E281977.8090103@stpeter.im>
Date: Thu, 21 Jul 2011 15:00:00 +0200
Message-ID: <CALiegfnD79B052Y3P=SoNM9OQ0h_iTCB+8qroBtLHQgXL=oPFA@mail.gmail.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Fwd: [apps-discuss] Review of draft-ietf-hybi-thewebsocketprotocol for apps-review
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2011 13:00:02 -0000

2011/7/21 Peter Saint-Andre <stpeter@stpeter.im>im>:
> The more substantive issue: I'm left unclear as to whether cookies are
> really expected to be used, or how the client might know that it needs
> to use cookies or else the application will not work. In many Web sites,
> the site will not work if cookies are not used by the client, and this
> is sufficiently rare that it's OK. Is that OK for a Websockets app? How
> will the user know how to fix the problem? Since Websockets can't as
> easily reply with a Web page to explain how to enable cookies, it would
> be good to be more clear on this.

And this clearly shows the lack of specification for any
authentication mechanism in WebSocket. It seems that someone though
"perhaps Cookies are good solution" and just added that to the spec
without describing it. Too much vague for a protocol specification
IMHO.



-- 
Iñaki Baz Castillo
<ibc@aliax.net>