Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
Willy Tarreau <w@1wt.eu> Fri, 09 September 2011 05:46 UTC
Return-Path: <w@1wt.eu>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BBCA21F84B8 for <hybi@ietfa.amsl.com>; Thu, 8 Sep 2011 22:46:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.916
X-Spam-Level:
X-Spam-Status: No, score=-3.916 tagged_above=-999 required=5 tests=[AWL=-1.873, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1TKHrexbW10M for <hybi@ietfa.amsl.com>; Thu, 8 Sep 2011 22:46:11 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by ietfa.amsl.com (Postfix) with ESMTP id 594B721F84A0 for <hybi@ietf.org>; Thu, 8 Sep 2011 22:46:10 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p895lCKU029156; Fri, 9 Sep 2011 07:47:12 +0200
Date: Fri, 09 Sep 2011 07:47:12 +0200
From: Willy Tarreau <w@1wt.eu>
To: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
Message-ID: <20110909054712.GF27297@1wt.eu>
References: <20110831184207.1514.64093.idtracker@ietfa.amsl.com> <0fc901cc6878$1681eec0$0a00a8c0@Venus> <CAH9hSJb2rH+fX0AnekYxsEkHKzb15aHrg_hDQw1baWLiWBF-3w@mail.gmail.com> <CA566BAEAD6B3F4E8B5C5C4F61710C11448BCD04@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <20110908211638.GD27297@1wt.eu> <CA566BAEAD6B3F4E8B5C5C4F61710C11448BE3BB@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA566BAEAD6B3F4E8B5C5C4F61710C11448BE3BB@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
User-Agent: Mutt/1.4.2.3i
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 05:46:12 -0000
Hi Gabriel, On Thu, Sep 08, 2011 at 09:33:43PM +0000, Gabriel Montenegro wrote: > > > " > > > OLD: All frames sent from the server to the client are not masked. > > > NEW: All frames sent from the server to the client MUST NOT be masked. > > > > > > Let's also change > > > OLD: All frames sent from the client to the server are masked to avoid ... > > > NEW: All frames sent from the client to the server MUST be masked to avoid > > ... > > > " > > > > As I indicated in another mail a few days ago, using this passive form always > > causes trouble : when you receive something which is not supposed to be > > possible, what should you do ? And if you're already able to process it anyway, > > should you do it ? > > The WG already decided to be very strict about this: > http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-14#section-10.7 > > If you find a protocol violation, there's no point in continuing with that peer. Less variability leads to less attack vectors, but also less code to test and maintain. > > This is why I still think Takeshi-san's proposal above is the best outcome. Well, I still disagree, but it's not important, so I won't insist ;-) Cheers, Willy
- Re: [hybi] what's next Peter Saint-Andre
- [hybi] I-D Action: draft-ietf-hybi-thewebsocketpr… internet-drafts
- [hybi] what's next Peter Saint-Andre
- Re: [hybi] what's next Julian Reschke
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] what's next Iñaki Baz Castillo
- Re: [hybi] what's next Alexey Melnikov
- Re: [hybi] what's next Iñaki Baz Castillo
- Re: [hybi] what's next Alexey Melnikov
- Re: [hybi] what's next Iñaki Baz Castillo
- Re: [hybi] what's next Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Len Holgate
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Joel Martin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Sylvain Hellegouarch
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Alexey Melnikov
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Joel Martin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Joel Martin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… SM
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Peter Saint-Andre
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… John Tamplin
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Tobias Oberstein
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… SM
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Gabriel Montenegro
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Greg Wilkins
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Martin J. Dürst
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Takeshi Yoshino
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Willy Tarreau
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Richard L. Barnes
- Re: [hybi] I-D Action: draft-ietf-hybi-thewebsock… Bruce Atherton