[hybi] Greg's proposal
Brodie Thiesfield <brofield2@jellycan.com> Sun, 21 November 2010 03:41 UTC
Return-Path: <brofield@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BB2C928C10A for <hybi@core3.amsl.com>; Sat, 20 Nov 2010 19:41:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Icanr8zGiZPg for <hybi@core3.amsl.com>; Sat, 20 Nov 2010 19:41:07 -0800 (PST)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by core3.amsl.com (Postfix) with ESMTP id B393F28C0E7 for <hybi@ietf.org>; Sat, 20 Nov 2010 19:41:07 -0800 (PST)
Received: by qyk12 with SMTP id 12so228831qyk.10 for <hybi@ietf.org>; Sat, 20 Nov 2010 19:42:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=Q6+ixYJ/bwQwejzkxoYK2hoku6n6VQZgCcWcpSb1Otk=; b=Ee+1tXd+nEiPQZ9s8Hwf+mU7y/EZk6bRYv+bANvFrKCsexFUQb+IS8smQYTFWXO6eO fOdZ1oGS3KOZ0GiGA5Fcgqrb8liTtgPV845PshsIfI3mekxRdtZi/bCRL3cE6rlkDSgO kL2ox/UXqfs4Cc+NpxmA1pDnyRTafyNNiO5Qg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; b=MTZEbBAK5MTkY7qfXWb+23jPVmkDrmwulVew0Ty5Y06/himdUvRY7O0sdjqS/Xnjw7 LzTj2+RxfwIqxp29FMxTpPryCFZBHGluCARanRiN6wYpljWSr9QwcoBTXcm3o3Ju8uu7 rdzkL0YfO5nUpXl1IlO9URtpoNdaPXuMYfWu4=
MIME-Version: 1.0
Received: by 10.229.182.147 with SMTP id cc19mr3532028qcb.265.1290310919954; Sat, 20 Nov 2010 19:41:59 -0800 (PST)
Sender: brofield@gmail.com
Received: by 10.229.39.11 with HTTP; Sat, 20 Nov 2010 19:41:59 -0800 (PST)
Date: Sun, 21 Nov 2010 12:41:59 +0900
X-Google-Sender-Auth: Z4g6RXz2LnLI0Z4lb4ChYjBRY6g
Message-ID: <AANLkTi=ochXLBWypzbZg-k=J_2ODG2z4f8X4QwkDSa6V@mail.gmail.com>
From: Brodie Thiesfield <brofield2@jellycan.com>
To: Hybi <hybi@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [hybi] Greg's proposal
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Nov 2010 03:41:08 -0000
All, It appears that the inability to agree on a handshake is causing the discussion to stall. If nothing is decided, then the current handshake will be the winner by default. Since the current handshake has a number of problems that have been pointed out on the list many times, can we just agree to clean it up with the only the non-contentious suggestions from Greg's proposal? >From what I can see, the only part of his proposal that is causing issues is the extra round-trip required by the hello response from server to client having a nonce that the client must reply to. I understand that Greg expected the client could indefinitely delay that response until the first client -> server message, but it is still extra to the current handshake. So get rid of that bit. Just have the client -> server hello carry the framed nonce, have the server -> client hello response contain the framed nonce. We do that and we have the current handshake, cleaner and expressed in terms of WebSocket and HTTP compliant. It is no worse than the current handshake in any way, and in many ways better (HTTP compliance, easier to implement, proof in the handshake the both client and server can at least generate websocket frames, more restrictions on valid characters for user supplied data, etc). Agree on this bit and at least the default result of a complete stalling in the discussions would be a sensible and HTTP compliant handshake. Regards, Brodie
- [hybi] Greg's proposal Brodie Thiesfield