Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt

Willy Tarreau <w@1wt.eu> Fri, 09 September 2011 05:46 UTC


Hi Gabriel,

On Thu, Sep 08, 2011 at 09:33:43PM +0000, Gabriel Montenegro wrote:
> > > "
> > > OLD: All frames sent from the server to the client are not masked.
> > > NEW: All frames sent from the server to the client MUST NOT be masked.
> > >
> > > Let's also change
> > > OLD: All frames sent from the client to the server are masked to avoid ...
> > > NEW: All frames sent from the client to the server MUST be masked to avoid ...
> > > "
> > 
> > As I indicated in another mail a few days ago, using this passive form always
> > causes trouble: when you receive something which is not supposed to be
> > possible, what should you do? And if you're already able to process it anyway,
> > should you do it?
> 
> The WG already decided to be very strict about this:
> http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-14#section-10.7
> 
> If you find a protocol violation, there's no point in continuing with that peer. Less variability leads to fewer attack vectors, but also less code to test and maintain.
> 
> This is why I still think Takeshi-san's proposal above is the best outcome.

Well, I still disagree, but it's not important, so I won't insist ;-)

Cheers,
Willy
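
The strict reading discussed in this thread, as an added example that is not part of the original message or of any implementation named in it: a receiver checks the MASK bit against the sender's role and fails the connection instead of processing the frame. The frame layout and close code 1002 follow RFC 6455; `parse_frame`, `ProtocolViolation` and the sample frames are names and data constructed for this illustration.

```python
import struct

CLOSE_PROTOCOL_ERROR = 1002  # RFC 6455 status code for a protocol error


class ProtocolViolation(Exception):
    """Peer broke the masking rule; the caller must fail the connection."""
    close_code = CLOSE_PROTOCOL_ERROR


def parse_frame(data: bytes, we_are_server: bool):
    """Parse one complete frame, enforcing MUST / MUST NOT be masked.

    Returns (opcode, payload). The role check runs before any payload
    is touched, so a violating frame is never unmasked or delivered.
    """
    if len(data) < 2:
        raise ValueError("incomplete frame header")
    opcode = data[0] & 0x0F
    masked = bool(data[1] & 0x80)
    length = data[1] & 0x7F
    pos = 2
    if length == 126:      # 16-bit extended payload length
        (length,) = struct.unpack_from("!H", data, pos)
        pos += 2
    elif length == 127:    # 64-bit extended payload length
        (length,) = struct.unpack_from("!Q", data, pos)
        pos += 8
    # Client-to-server frames MUST be masked;
    # server-to-client frames MUST NOT be masked.
    if we_are_server and not masked:
        raise ProtocolViolation("unmasked frame received from client")
    if not we_are_server and masked:
        raise ProtocolViolation("masked frame received from server")
    key = b""
    if masked:
        key = data[pos:pos + 4]
        pos += 4
    payload = data[pos:pos + length]
    if len(payload) != length or (masked and len(key) != 4):
        raise ValueError("incomplete frame")
    if masked:
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return opcode, payload


# Constructed sample frames: the text "Hello", unmasked and masked.
UNMASKED_HELLO = bytes.fromhex("810548656c6c6f")
MASKED_HELLO = bytes.fromhex("818537fa213d7f9f4d5158")
```
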