IETF Logo Mail Archive

Re: [hybi] Ticket#1 Http Compliance

Scott Ferguson <ferg@caucho.com> Thu, 13 May 2010 15:53 UTC

Return-Path: <ferg@caucho.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 63E8B3A6B82 for <hybi@core3.amsl.com>; Thu, 13 May 2010 08:53:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.102
X-Spam-Level:
X-Spam-Status: No, score=-0.102 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_40=-0.185]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mpbZZ-dsjux0 for <hybi@core3.amsl.com>; Thu, 13 May 2010 08:53:48 -0700 (PDT)
Received: from smtp113.biz.mail.re2.yahoo.com (smtp113.biz.mail.re2.yahoo.com [66.196.116.98]) by core3.amsl.com (Postfix) with SMTP id E1E363A6910 for <hybi@ietf.org>; Thu, 13 May 2010 08:53:41 -0700 (PDT)
Received: (qmail 64443 invoked from network); 13 May 2010 15:53:29 -0000
Received: from [192.168.1.10] (ferg@66.92.8.203 with plain) by smtp113.biz.mail.re2.yahoo.com with SMTP; 13 May 2010 08:53:29 -0700 PDT
X-Yahoo-SMTP: L1_TBRiswBB5.MuzAo8Yf89wczFo0A2C
X-YMail-OSG: obvwUvkVM1mdPMgfsfaH8m1.yWf1y710biAEc4NUBPRvM3ff4fic8QEwVwuxWPxtUdQr14bH5wQ.Y93LRhho1EljB2oUHvtYEC9VPs5Pz1JyqaCPsjh2A2bKkMKDpcfjpM3saogVSsEA4BCEV0gBVDeTJ1_6FqUjXckvvtY9eLwGSouaj5ERoPqY2.RPa5jIepnTg.zpAW6qFjD5y4eWI.eldiIKAmNaFSJdjx8P0Z88YThb5ex_59_Q1whVCdne1OEk.KEBoRjzlbbU1gu1oHLld8HZwnnM4vYXBwYqEPgnsyAYkAPzWaZbqLjMij1vzHMabvycAfWvMpC8yCtdQAHNU8mCVu8G19dayy9YLf93SePDxnAnk1Ge.jawWDDuNmJQ1638kZnn7..hRAZ754lEhCTXpB_cNI1TGH_2E6s-
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4BEC2070.5030705@caucho.com>
Date: Thu, 13 May 2010 08:53:20 -0700
From: Scott Ferguson <ferg@caucho.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Greg Wilkins <gregw@webtide.com>
References: <4BEAB021.5030600@webtide.com> <16A430F2-1458-404C-839B-7EEF23434026@apple.com> <4BEBBD7D.8090609@webtide.com> <16DD953D-55E8-4188-B979-0AA348878C73@apple.com> <4BEBCC37.5070808@webtide.com> <3276A7F4-0A3A-4099-8A35-860DD0B93032@apple.com> <4BEBF5E8.2020800@webtide.com>
In-Reply-To: <4BEBF5E8.2020800@webtide.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Ticket#1 Http Compliance
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2010 15:53:49 -0000

Greg Wilkins wrote:
> Maciej Stachowiak wrote:
>   
>> On May 13, 2010, at 2:53 AM, Greg Wilkins wrote:
>>     
>>> telnet is not HTTP compliant as I can telnet to a
>>> HTTP server and do all sorts of illegal stuff.
>>>       
>> Can you give an example that's relevant to WebSocket? Is there anything in a 
>> current or previous draft that's HTTP compatible but not HTTP compliant?
>> That would make it easier to assess the practical impact of this change.
>>     
>
> I believe the current -76 handshake could be described as HTTP compatible,
> but it is not HTTP compliant.
>   
Since -76 and HTTP don't even use the same encoding (-76 is UTF-8, while 
HTTP is US-ASCII with ISO-8859-1 used, but obsolete), I'm not sure 
calling them "compatible" is helpful.

The WebSocket handshake needs to be a valid HTTP request. If it's 
possible to create a valid WebSocket handshake that's not a valid HTTP 
request, then we have a problem, whether we call it "compatible" or not.
> There is also a restriction on the server that it's only
> valid responses to a handshake is to either accept with
> a 101 or to close the connection.  A compliant HTTP server
> should be able to respond with any compliant HTTP response.
> The websocket specification can say that websocket clients
> can ignore all non-101 responses and close the connection,
> but they cannot require that a HTTP server act contrary
> to the HTTP specification simply because a client made
> some mistake in the formulation of their websocket URL (for
> example).
>
> In order to claim websocket compliance, I do not want to
> have to change my server so that every URL that receives
> a bad websocket upgrade has to close the connection without
> sending some legal HTTP error response (eg 400 or 404).
>   
Agreed. This is a big issue. The server must be allowed to return a 
valid HTTP response rejecting the Upgrade request.

Actually, if WebSockets is using HTTP/80 for the handshake, it really 
needs a valid HTTP response on rejected requests and header errors. It's 
just not reasonable to require servers to produce an invalid HTTP 
response if it sees an Upgrade: WebSocket, when the rest of the request 
is normal HTTP.

Clients need to handle valid HTTP rejections anyway, because they need 
to respond properly to normal HTTP server responses, e.g. if the 
WebSocket service goes away or moves.

-- Scott

v2.37.1 | Report a Bug | By Email | System Status