Re: [hybi] Call for interest: multiplexing dedicated for WebSocket

[Adam Rice <ricea@google.com>]

On 27 May 2013 20:59, Tobias Oberstein <tobias.oberstein@tavendo.de> wrote:

> I had a look into the MUX RFC again .. couldn't find anser to the
> following (may have missed sth):
>
> What WS addresses would be eligible to be multiplexed over a single WS
> connection?
>
> a) ws://somehost.com:999/
> b) ws://somehost.com:999/foo
> c) ws://somehost.com:999/bar
>
> d) wss://somehost.com:999/
> e) wss://somehost.com:999/foo
> f) wss://somehost.com:999/bar
>
> All of a) - f) are to the same target IP:port and hence could share the
> same TCP.
>
> However, d) - f) use wss, and hence have a TLS handshake right after TCP
> establishment.
>

While you certainly can serve both ws: and wss: on a single port, and I can
see cases where you might want to, I would not in general consider it to be
a good idea.


> So d) - f) cannot be multiplexed over the same physical WS as a) - c)?
>
> Or can an implementation just "silently" transport a)-c) also over wss,
> and hence multiplex all of a) - f) over 1 physical WS?
>

The handshake does not currently include the schema, so there would be no
way to communicate to the server that a)-c) were supposed to be ws:, not
wss:.

Even if this was amended, both client and server would have to be careful
that no ambient authority leaked from the wss: channels to the ws:
channels. For example: the client would have to be careful not to send
"secure" cookies with the ws: handshakes, and the server would have to be
careful not to apply any authority contained in a client TLS certificate to
the ws: logical channels.

For this reason, I think it would be easiest not to attempt to multiplex
ws: and wss: onto a single TCP/IP connection.


> Lastly, a)-c) are to the same target IP:port and also WS schema (ws, not
> wss) - and hence can be multiplexed over 1 physical WS even though they are
> to different URL paths?
>

Yes. These semantics are inherited from HTTP/1.1.

Adam Rice