Re: [hybi] WebSocket feedback
Greg Wilkins <gregw@webtide.com> Thu, 04 March 2010 17:20 UTC
Vladimir Katardjiev wrote:
> I don't think it's an attack vector anymore. Originally, it was to
> prevent XHR/CORS from creating a WebSocket connection, but the
> requirements on Sec-* headers should avert that. Right now it has
> more to do with having a websocket connection fail early in case
> of an intermediary that doesn't understand websockets.

I think there are plenty of intermediaries that don't understand websocket that will pass these bytes on well enough for the handshake to pass. Problems with transparent intermediaries that don't understand websocket are more likely to manifest themselves on small blocks of bytes sent independently of a valid HTTP request.

Having a header (with spaces) inserted by the web socket client that the server needed to echo back was a solution to the problem that appeared to have pretty good consensus. I think this latest proposal goes a little too far.

Probably we need to spend some more time getting the requirements well written and accepted before we can decide if such complications in the handshake are actually needed by any agreed requirement.

cheers