[hybi] Websocket: two protocols into one, and Internet rules broken
Iñaki Baz Castillo <ibc@aliax.net> Thu, 16 June 2011 13:06 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BCD811E8097 for <hybi@ietfa.amsl.com>; Thu, 16 Jun 2011 06:06:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.665
X-Spam-Level:
X-Spam-Status: No, score=-2.665 tagged_above=-999 required=5 tests=[AWL=0.012, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vVCfaLFFgFiz for <hybi@ietfa.amsl.com>; Thu, 16 Jun 2011 06:06:39 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 70DDC11E8071 for <hybi@ietf.org>; Thu, 16 Jun 2011 06:06:35 -0700 (PDT)
Received: by qwc23 with SMTP id 23so1055224qwc.31 for <hybi@ietf.org>; Thu, 16 Jun 2011 06:06:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.224.202.129 with SMTP id fe1mr207534qab.203.1308229590843; Thu, 16 Jun 2011 06:06:30 -0700 (PDT)
Received: by 10.229.230.129 with HTTP; Thu, 16 Jun 2011 06:06:30 -0700 (PDT)
Date: Thu, 16 Jun 2011 15:06:30 +0200
Message-ID: <BANLkTim4pKwx6wYC3WwXFWET+gx0bnjigQ@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: hybi@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: [hybi] Websocket: two protocols into one, and Internet rules broken
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 13:06:40 -0000
Hi, WebSocket is, most probably, the first protocol in the History of Internet which is, in fact, two protocols over the same stream (swtiching from HTTP to WebSocket "pure" binary protocol). As an author of HTTP commented in this maillist, that is not the aim of HTTP 101 response. So first, WebSocket uses HTTP for the handshake. This is an extension to HTTP, of course, and as an extension to HTTP it MUST define HTTP response codes for certain cases not covered by HTTP itself, but just by this specification (just talking about HTTP for now). The draft seems not to want to define such codes: ---------------- The |Sec-WebSocket-Origin| header is used to protect against unauthorized cross-origin use of a WebSocket server by scripts using the |WebSocket| API in a Web browser. The server is informed of the script origin generating the WebSocket connection request. If the server does not wish to accept connections from this origin, it can choose to reject the connection by sending an appropriate HTTP error code. ---------------- Which "appropriate HTTP error code"? Please, define it. What about if the HTTP handshake request contains an invalid Sec-WebSocket-Key header? what about if the HTTP request misses some required header? which HTTP status code should be returned by the server? Please define it. In the other side, as I said above WebSocket is the first protocol that uses two different application protocols (HTTP and WebSocket binary protocol) within the same transport stream (a TCP connection). Please don't confuse it with SOAP over HTTP, JSONRPC over HTTP, anything over HTTP or Flash protocol (RTMP) which is a *single* protocol over TCP and such protocol contains different payloads for different application streams (signalling, audio, video...). The reason this WG gives is that "we want WebSocket to work in any environment in which HTTP just works". So it assumes that Internet is broken and HTTP is the only working protocol (or just the only valid protocol). So, the only way to make a webbrowser to speak a protocol different than HTTP is by opening first a TCP connection, send a HTTP request and then "switch" to other protocol. Ugly assumption IMHO. Have you taken a look to rtc-web? http://rtc-web.alvestrand.com/ --------------------- The RTC-Web effort (Real Time Collaboration on the World Wide Web) is an effort to achieve a standardized infrastructure in Web browsers on which real-time interactive communication between users of the World Wide Web can be achieved. ----------------------- RTC-Web's aim is to provide realtime communication capabilities to web browsers, so they could speak other protocols as RTP for audio/video sessions. Of course I mean pure RTP and not "RTP over HTTP" neither "first HTTP and then RTP" (following WebSocket fashion). Now let's imagine we want web browsers to become real SIP or XMPP clients (I don't mean SIP or XMPP over WebSocket). Do you expect that the browser will first open a TCP connection, then send an HTTP "handshake" and then switch same TCP stream to speak SIP or XMPP? and all this stuff just because "HTTP is the only protocol in the world"? So, from my point of view, WebSocket breaks Internet model and their authors should ask themself "who are us to make such aberration in the History of Internet protocols"? Please, don't take me wrong. I also assume that there is no way to rebuild WebSocket with a better design as it would require designing it from the scratch. So at least, please complete the HTTP part of the protocol by defining specific HTTP response codes for certain situations that WebSocket creates (as it is also an extension to HTTP protocol). For example, in SIP protocol there are even more SIP response codes than in HTTP. If a new extension for SIP appears, it may need to create new response codes or, at least, specify which exact SIP response codes the server should reply in certain cases (specific to the given extension). IMHO WebSocket should do the same instead of trying to avoid responsabilities at HTTP level (since it *does* speak HTTP). Regards. -- Iñaki Baz Castillo <ibc@aliax.net>
- Re: [hybi] Websocket: two protocols into one, and… Anthony Catel
- [hybi] Websocket: two protocols into one, and Int… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Anthony Catel
- Re: [hybi] Websocket: two protocols into one, and… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Willy Tarreau
- Re: [hybi] Websocket: two protocols into one, and… Anthony Catel
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Ian Fette (イアンフェッティ)
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Ian Fette (イアンフェッティ)
- Re: [hybi] Websocket: two protocols into one, and… Willy Tarreau
- Re: [hybi] Websocket: two protocols into one, and… Philipp Serafin
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Ian Fette (イアンフェッティ)
- Re: [hybi] Websocket: two protocols into one, and… Dave Cridland