IETF Logo Mail Archive

Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt

Bruce Atherton <bruce@callenish.com> Fri, 09 September 2011 18:38 UTC

Return-Path: <bruce@callenish.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72D9021F8669 for <hybi@ietfa.amsl.com>; Fri, 9 Sep 2011 11:38:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.384
X-Spam-Level:
X-Spam-Status: No, score=-2.384 tagged_above=-999 required=5 tests=[AWL=-0.085, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RnhScPP3HiHK for <hybi@ietfa.amsl.com>; Fri, 9 Sep 2011 11:38:56 -0700 (PDT)
Received: from biz82.inmotionhosting.com (biz82.inmotionhosting.com [74.124.202.87]) by ietfa.amsl.com (Postfix) with ESMTP id A711E21F8661 for <hybi@ietf.org>; Fri, 9 Sep 2011 11:38:56 -0700 (PDT)
Received: from [24.108.144.160] (helo=[192.168.145.11]) by biz82.inmotionhosting.com with esmtpa (Exim 4.69) (envelope-from <bruce@callenish.com>) id 1R260Q-0000rF-L8; Fri, 09 Sep 2011 11:40:50 -0700
Message-ID: <4E6A5DB7.2000009@callenish.com>
Date: Fri, 09 Sep 2011 11:40:55 -0700
From: Bruce Atherton <bruce@callenish.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: "\"Martin J. Dürst\"" <duerst@it.aoyama.ac.jp>
References: <20110831184207.1514.64093.idtracker@ietfa.amsl.com> <0fc901cc6878$1681eec0$0a00a8c0@Venus> <CAH9hSJb2rH+fX0AnekYxsEkHKzb15aHrg_hDQw1baWLiWBF-3w@mail.gmail.com> <17b501cc6d31$3016d6d0$0a00a8c0@Venus> <CAH9hSJYhLpcXrOtS-nzLt2YW9QbngEsfdcNF+0TadyVA6rrK1A@mail.gmail.com> <17ef01cc6d39$3575ae50$0a00a8c0@Venus> <20110907085128.GA19144@1wt.eu> <CAH9hSJYXZ285L_+eJh6VUVCAg4D+u=vQbcjVOA4RMsJSbcHqiw@mail.gmail.com> <CABLsOLBKgnTFga821t2AZ1dXobTsfMb5v8CTJhm_Nr8WMkonaA@mail.gmail.com> <53451FDB-77F7-42A1-8D16-05094C35AB5D@bbn.com> <4E68E9F6.6030901@stpeter.im> <CA566BAEAD6B3F4E8B5C5C4F61710C11448BDC88@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <1B54A085-1AF4-4324-B252-0C8BE778A69D@bbn.com> <CA566BAEAD6B3F4E8B5C5C4F61710C11448BDD3F@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <4E695F4E.1080606@it.aoyama.ac.jp>
In-Reply-To: <4E695F4E.1080606@it.aoyama.ac.jp>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz82.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - callenish.com
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-13.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 18:38:57 -0000

On 08/09/2011 5:35 PM, "Martin J. Dürst" wrote:
>
> However, just for the record, I would want to point out that the way 
> the browser maker people explained their strong desire for masking was 
> "if ever something bad happens, it's always the browser which is 
> blamed". That seems to indicate that the guys in charge of performing 
> masking from the client side (e.g. the browser makers) and the guys 
> interested in having it done are the same. In such a case, changing a 
> MUST to a SHOULD is much less of a problem than when the SHOULD is 
> there to protect somebody else's interest.

This is exactly right. Browser makers are the ones who insisted on this 
feature, and they will certainly implement it. I doubt that any other 
implementer of a client even wants masking.

I see no reason to require servers to reject connections with incoming 
unmasked frames. Masking is a concern for browser clients only.

The argument has been made that clients will be lazily implemented to 
not implement masking, but I can't understand why that is an issue. Such 
custom clients could send whatever they wanted to anyway. Browser 
clients will always have masking, unless it is shown that there is no 
benefit to it because the buggy intermediaries are gone.

v2.23.0 | Report a Bug | By Email