Re: [hybi] #1: HTTP Compliance
Maciej Stachowiak <mjs@apple.com> Mon, 17 May 2010 09:31 UTC
Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C45F63A6965 for <hybi@core3.amsl.com>; Mon, 17 May 2010 02:31:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.463
X-Spam-Level:
X-Spam-Status: No, score=-104.463 tagged_above=-999 required=5 tests=[AWL=-0.464, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVz7iszVQS3J for <hybi@core3.amsl.com>; Mon, 17 May 2010 02:31:44 -0700 (PDT)
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22]) by core3.amsl.com (Postfix) with ESMTP id 4C8383A690A for <hybi@ietf.org>; Mon, 17 May 2010 02:29:52 -0700 (PDT)
Received: from relay16.apple.com (relay16.apple.com [17.128.113.55]) by mail-out3.apple.com (Postfix) with ESMTP id 6B47492FF267 for <hybi@ietf.org>; Mon, 17 May 2010 02:29:44 -0700 (PDT)
X-AuditID: 11807137-b7c23ae000001561-a4-4bf10c884ff2
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay16.apple.com (Apple SCV relay) with SMTP id 4C.A5.05473.88C01FB4; Mon, 17 May 2010 02:29:44 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; charset="us-ascii"
Received: from [10.0.1.6] (c-69-181-42-237.hsd1.ca.comcast.net [69.181.42.237]) by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0L2K00CIA51JUZ60@et.apple.com> for hybi@ietf.org; Mon, 17 May 2010 02:29:44 -0700 (PDT)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <4BF106AD.6020506@webtide.com>
Date: Mon, 17 May 2010 02:29:43 -0700
Message-id: <A42E692A-7210-4FF1-AB4F-CFB3E8C38756@apple.com>
References: <068.d07026741c6694cd80652d2a7d34f236@tools.ietf.org> <4BF106AD.6020506@webtide.com>
To: Greg Wilkins <gregw@webtide.com>
X-Mailer: Apple Mail (2.1078)
X-Brightmail-Tracker: AAAAAQAAAZE=
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] #1: HTTP Compliance
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2010 09:31:46 -0000
On May 17, 2010, at 2:04 AM, Greg Wilkins wrote: > > All, > > I know this issues has been somewhat sidetracked by the > discussion about TLS. > > However, this particular requirements is conditional for only when > sharing a port with HTTP, so I think it valuable to continue to > try to finalize this requirement. I think we need to reframe this requirement so that it makes sense even if we change the handshake to be at the TLS level rather than at the HTTP level. Both the current requirement and the new requirement would make no sense if the handshake was done via TLS. > > Currently there is no clear consensus either way, with perhaps > a few more voices against compliance is not required. > > For firstly, I'd like to encourage all list lurkers to > speak up and help sway the debate one way or the other. > > Also, in an attempt to move the conversation on, I'd like > flip the question around and ask if somebody can clearly > state what is the down side of adopting HTTP compliance > other than it might force a breaking change in the > -76 draft. Is there some other requirement that can only > be achieved by breaking compliance? Ian has claimed that the extra bytes after the request help WebSocket fail early in the face of unaware proxies, though we do not yet have data showing this to be the case. We do know that without this, often the handshake will appear to succeed but transmitting messages will fail, for the network setups of many users. I don't think anyone has indicated a practical problem caused by the extra bytes. If we do get evidence that the extra bytes make the WebSocket protocol work better, and if we do not get evidence that they actually cause a problem for WebSocket servers that are sharing a port with a Web server, then I think we should sacrifice theoretical purity for practical benefit. That being said, this whole issue is irrelevant if we switch to TLS-only and a handshake based on nextprotoneg (and possibly TLS upgrade followed by nextprotoneg). We should try to frame the requirements so they do not overly depend on the technical details of the current draft. If a requirement could be completely invalidated by a plausible technical change, then it is framed the wrong way and depends too much on protocol details. It would be an indication that we're trying to move issues that should be technical decisions about the protocol into the requirements document. Therefore, I think the "HTTP compatible/compliant" requirement should be deleted completely, or rewritten to make sense for any plausible handshake. I note that the following requirement would apply reasonably to both the current draft mechanism and the proposed TLS-based handshake (with perhaps added specific mention of HTTPS): "The WebSocket protocol MUST allow HTTP and WebSocket connections to be served from the same port. Consideration MUST be given: * to provide WebSocket services via modules that plug in to existing web infrastructure. * to making it possible and practical to implement standalone implementations of the protocol without requiring a fully conforming HTTP implementation." and should cover all the practical issues that would actually be faced by servers in either scenario. Regards Maciej
- [hybi] #1: HTTP Compliance hybi issue tracker
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Maciej Stachowiak
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance Vladimir Katardjiev
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Maciej Stachowiak
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Julian Reschke
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Salvatore Loreto
- Re: [hybi] #1: HTTP Compliance Dave Cridland
- Re: [hybi] #1: HTTP Compliance Scott Ferguson
- Re: [hybi] #1: HTTP Compliance Maciej Stachowiak
- Re: [hybi] #1: HTTP Compliance Maciej Stachowiak
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Daniel Stenberg
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Bjoern Hoehrmann
- Re: [hybi] #1: HTTP Compliance Bjoern Hoehrmann
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Pieter Hintjens
- Re: [hybi] #1: HTTP Compliance Roberto Peon
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Scott Ferguson
- Re: [hybi] #1: HTTP Compliance Roberto Peon
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance John Tamplin
- Re: [hybi] #1: HTTP Compliance John Tamplin
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Roberto Peon
- Re: [hybi] #1: HTTP Compliance John Tamplin
- Re: [hybi] #1: HTTP Compliance Roberto Peon
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Roberto Peon
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Jamie Lokier
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Ian Hickson
- Re: [hybi] #1: HTTP Compliance John Tamplin
- Re: [hybi] #1: HTTP Compliance Julian Reschke
- Re: [hybi] #1: HTTP Compliance Greg Wilkins
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Roberto Peon
- Re: [hybi] #1: HTTP Compliance Julian Reschke
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- [hybi] An input document (was: #1: HTTP Complianc… S Moonesamy
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance gustav trede
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance gustav trede
- Re: [hybi] #1: HTTP Compliance Daniel Stenberg
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Adam Barth
- Re: [hybi] #1: HTTP Compliance L.Wood
- Re: [hybi] #1: HTTP Compliance Adam Barth
- Re: [hybi] #1: HTTP Compliance Julian Reschke
- [hybi] Objections (was: #1: HTTP Compliance) S Moonesamy
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Willy Tarreau
- Re: [hybi] #1: HTTP Compliance Shelby Moore
- Re: [hybi] #1: HTTP Compliance Greg Wilkins