IETF Logo Mail Archive

[hybi] Subprotocol and Control Frames

Hapner mark <hapner.mark@huawei.com> Tue, 04 October 2011 20:20 UTC

Return-Path: <hapner.mark@huawei.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50CD021F8DE8 for <hybi@ietfa.amsl.com>; Tue, 4 Oct 2011 13:20:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.804
X-Spam-Level:
X-Spam-Status: No, score=-6.804 tagged_above=-999 required=5 tests=[AWL=-0.206, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g0XnGjwzWEqj for <hybi@ietfa.amsl.com>; Tue, 4 Oct 2011 13:20:13 -0700 (PDT)
Received: from usaga04-in.huawei.com (usaga04-in.huawei.com [206.16.17.180]) by ietfa.amsl.com (Postfix) with ESMTP id B354921F8DE2 for <hybi@ietf.org>; Tue, 4 Oct 2011 13:20:13 -0700 (PDT)
Received: from huawei.com (usaga04-in [172.18.4.101]) by usaga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LSK0025Y5YVI9@usaga04-in.huawei.com> for hybi@ietf.org; Tue, 04 Oct 2011 15:23:19 -0500 (CDT)
Received: from dfweml202-edg.china.huawei.com ([172.18.4.104]) by usaga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LSK00BP55YUO9@usaga04-in.huawei.com> for hybi@ietf.org; Tue, 04 Oct 2011 15:23:19 -0500 (CDT)
Received: from DFWEML402-HUB.china.huawei.com (10.193.5.102) by dfweml202-edg.china.huawei.com (172.18.9.108) with Microsoft SMTP Server (TLS) id 14.1.270.1; Tue, 04 Oct 2011 13:23:19 -0700
Received: from DFWEML506-MBX.china.huawei.com ([10.124.31.111]) by DFWEML402-HUB.china.huawei.com ([::1]) with mapi id 14.01.0270.001; Tue, 04 Oct 2011 13:23:09 -0700
Date: Tue, 04 Oct 2011 20:23:08 +0000
From: Hapner mark <hapner.mark@huawei.com>
X-Originating-IP: [172.18.9.109]
To: "hybi@ietf.org" <hybi@ietf.org>
Message-id: <92457F4F764A5C4785FCDBDDDD76477A123C6E12@dfweml506-mbx>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_2qXUji/0O6/Qzx2tDV2k8w)"
Content-language: en-US
Accept-Language: en-US
Thread-topic: Subprotocol and Control Frames
Thread-index: AcyCzo83r27v+PhnTw6E8yG0xmwZAA==
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Subject: [hybi] Subprotocol and Control Frames
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2011 20:20:14 -0000

In my reading of draft 17, I do not find a definition of subprotocol that puts any restrictions on the WebSocket extensibility features a subprotocol may use. If the sense of the WG is that subprotocols are restricted to use only extension data and message format/schema restrictions, this is not apparent in the content of this draft.

It is my observation that there will be a number of WebSocket usecases that could benefit from the ability to define usecase-specific control frames to mediate message flow. Telling developers to stuff this mediation protocol into extension data rather than in control frames does not appear to increase security; rather, it likely decreases security because it intermixes control with data which is a fundamentally bad thing for a protocol design to do.

The two control frames defined by MBWS are fairly simple and are likely representative of what other subprotocols would need. It would be far better to allow MBWS to properly factor its control and data than force it to put control in its data.

It is true that TCP does not support application control extension; however, HTTP clearly does support this with a very open-ended extension of the HTTP header. The WG needs to think carefully about this. I hope there is room to resolve this issue in this version of WebSocket.

It is up to the W3C WebSocket API to insure it provides the functionality that both native users of WebSocket and implementors of WebSocket subprotocols require. In looking over what is currently defined, this API does not yet provide an API sufficient for the later. Possibly later it will. I don't believe that the design of WebSocket needs to be restricted by the current limitations of this API.

v2.23.0 | Report a Bug | By Email