Re: [hybi] Process! was: [whatwg] HttpOnly cookie for WebSocket?

Ian Fette (イアンフェッティ) <ifette@google.com> Fri, 29 January 2010 04:16 UTC

Return-Path: <ifette@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 57DC93A67AA for <hybi@core3.amsl.com>; Thu, 28 Jan 2010 20:16:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.981
X-Spam-Level:
X-Spam-Status: No, score=-100.981 tagged_above=-999 required=5 tests=[AWL=-0.695, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, PLING_QUERY=1.39, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qpB4m04Ed22N for <hybi@core3.amsl.com>; Thu, 28 Jan 2010 20:16:36 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 4351A3A6781 for <hybi@ietf.org>; Thu, 28 Jan 2010 20:16:35 -0800 (PST)
Received: from wpaz9.hot.corp.google.com (wpaz9.hot.corp.google.com [172.24.198.73]) by smtp-out.google.com with ESMTP id o0T4GteU022242 for <hybi@ietf.org>; Thu, 28 Jan 2010 20:16:55 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1264738615; bh=CrmoCexKqny3wvZiIBzoIJUWjtg=; h=MIME-Version:Reply-To:In-Reply-To:References:Date:Message-ID: Subject:From:To:Cc:Content-Type; b=QCHsH+5gCfZPlWxhvmCY/7uy0Nog/pQ8ghe2SY6/o8Zb9s9u09yVrxhIRix0pRXnk b1e4WHNgQ78NOBW7iCmcA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:reply-to:in-reply-to:references:date: message-id:subject:from:to:cc:content-type:x-system-of-record; b=Ol6qUhcQ+jQG4lYyOWVowiWh1Jy2741pQWLd7Myzo/45Zc8PIwvDU0j6WHm9pqwoV 6ofuJKXFT4UunZNKd8fxA==
Received: from pwi2 (pwi2.prod.google.com [10.241.219.2]) by wpaz9.hot.corp.google.com with ESMTP id o0T4GrI3021351 for <hybi@ietf.org>; Thu, 28 Jan 2010 20:16:54 -0800
Received: by pwi2 with SMTP id 2so1044989pwi.17 for <hybi@ietf.org>; Thu, 28 Jan 2010 20:16:53 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.152.6 with SMTP id z6mr208535wfd.214.1264738613488; Thu, 28 Jan 2010 20:16:53 -0800 (PST)
In-Reply-To: <4B625733.2020907@webtide.com>
References: <de17d48e1001280012i2657b587i83cda30f50013e6b@mail.gmail.com> <4B614CEC.2050400@ericsson.com> <Pine.LNX.4.64.1001280856380.22020@ps20323.dreamhostps.com> <4B616F17.4030402@ericsson.com> <4B619223.60408@webtide.com> <Pine.LNX.4.64.1001282141080.22020@ps20323.dreamhostps.com> <4B620B8F.6030706@gmx.de> <Pine.LNX.4.64.1001282217320.22053@ps20323.dreamhostps.com> <bbeaa26f1001281449q1a6e1813q3f537fe15a5a9d60@mail.gmail.com> <4B625733.2020907@webtide.com>
Date: Thu, 28 Jan 2010 20:16:53 -0800
Message-ID: <bbeaa26f1001282016me3b75c9ge10506b2da45fba4@mail.gmail.com>
From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
To: Greg Wilkins <gregw@webtide.com>
Content-Type: multipart/alternative; boundary="000e0cd154aaca6b37047e45e784"
X-System-Of-Record: true
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Process! was: [whatwg] HttpOnly cookie for WebSocket?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: ifette@google.com
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2010 04:16:37 -0000

I'm not saying "it's deployed so it's too late to make any changes." What I
am saying is that, from what I can see, things are in a very disfunctional
state. A simple question comes up and it's not clear who is responsible for
doing what, and how we actually move forward. That's what bothers me. I
could personally care less what the actual process ends up being, so long as
when a simple question gets asked it gets answered quickly and we can move
forward. That was not happening in this case.

As for "IETF is a proven process that has worked well in the past" -- I
think there are a number of things that have changed between when HTTP was
going through the IETF process and today. First, I really don't know how
much it matters anymore whether things have an official IETF stamp of
approval, so long as implementers agree on an interface. Second, I think the
dynamics (number of people with a significant stake in the game) are
different, as is the shift from a more research-oriented (DARPA and then big
research labs like Bell Labs etc) to industry-driven environment with
manufacturers / vendors / whatever coming out with new functionality. Third,
I think things today are moving much more quickly in terms of the pace of
innovation. Fourth, I think the number of people waiting on these
innovations is much larger (look at the number of users and the amount of
commerce / transactions going on in the Internet).

So, I guess all I'm trying to say is that I don't think "IETF has worked
before so it works now" is necessarily a great argument, in much the same
vein that "it's deployed so it's too late to make any changes" is a great
argument. There are legitimate pros of the IETF process, and I don't mean to
dismiss that, but I'm not willing to take "It worked for HTTP" as some sort
of gospel truth reason why it should work for WS.

If it works, great. If it doesn't, let's figure out some process that does
work.

-Ian

2010/1/28 Greg Wilkins <gregw@webtide.com>

> Ian Fette (イアンフェッティ) wrote:
> > Instead, we are bogged down in politics.
>
> Work is proceeding on all fronts on the actual implementations,
> so I don't think we are bogged down.   Nobody is saying hold
> any releases for this.   In fact I think it will be good to
> get experience from wider usage of the protocol as it currently
> stands.
>
> But there are important issues to be discussed here and they
> should not be derided as just unproductive politics.
> Who will edit the specification document is a key question that
> needs to be answered (but probably not in the HttpOnly cookie
> thread).
>
> For me (and my company, project & community), I have a problem
> with the WhatWG process as it is not sufficiently open. It boils
> down to:
>
>  0) Ian has been appointed AFAICT by an industry consortium
>    of browser vendors.
>  1) you can talk all you like
>  2) but you have to convince Ian to change anything
>  3) you have to be prepared to be unhappy if you can't
>    convince Ian
>
> I don't mean to dis Ian or the whatwg and I understand they've
> done great work on HTML5.  But this is hardly the right
> process to standardize a protocol that will fundamentally
> affect the entire network infrastructure, with many components
> that cannot easily as easily updated as issuing a new point
> release on a browser.  I don't see how we can put 1 person
> (any person) as the sole final arbiter of such a important
> decisions.
>
> The IETF has a proven process for producing internet standards
> that the entire industry follow.    Why is websocket so special
> that it needs a different process?
>
>
> > If we can't figure out how to move forward on such a simple issue, it
> > seems to me that we are in an unworkable situation, and should probably
> > just continue the work in WHATWG through to a final spec, let
> > implementations settle for a while, and then hand it off to IETF for
> > refinement and finalization in a v2 spec... (my $0.02)
>
> I'm not a IETF process expert, but what I do know indicates
> that the IETF is just as unlikely to rubber stamp a V2 as they
> are to rubber stamp a V1.
>
> The whatwg is perfectly entitle to keep the specification
> under their own auspices, but if they want the specification
> to be given the gravitas of an official IETF document, then it
> has to be  exposed to the IETF process and achieve a rough
> consensus of all who are involved - including the whatwg.
>
> Delaying the IETF process to v2 is unlikely to change many
> of those voices from whom rough consensus is required.
> The "it's deploy now, so it's too late to change", is not
> a great argument to rely on.
>
> The whatwg has done a great job getting it this far,
> but I really think they should trust (and be involved in)
> the IETF process to take it to the next stage.
>
>
> regards
>
>
>
>
>
>