IETF Logo Mail Archive

Re: [hybi] Review of draft-ietf-hybi-thewebsocketprotocol-13

Iñaki Baz Castillo <ibc@aliax.net> Tue, 06 September 2011 15:20 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB80E21F8BB5; Tue, 6 Sep 2011 08:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.645
X-Spam-Level:
X-Spam-Status: No, score=-2.645 tagged_above=-999 required=5 tests=[AWL=0.032, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fX7gGvMTRTWC; Tue, 6 Sep 2011 08:20:15 -0700 (PDT)
Received: from mail-qw0-f52.google.com (mail-qw0-f52.google.com [209.85.216.52]) by ietfa.amsl.com (Postfix) with ESMTP id 3776021F8B4D; Tue, 6 Sep 2011 08:20:14 -0700 (PDT)
Received: by qwb8 with SMTP id 8so5467393qwb.25 for <multiple recipients>; Tue, 06 Sep 2011 08:22:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.28.200 with SMTP id n8mr3984106qcc.291.1315322520690; Tue, 06 Sep 2011 08:22:00 -0700 (PDT)
Received: by 10.229.79.207 with HTTP; Tue, 6 Sep 2011 08:22:00 -0700 (PDT)
In-Reply-To: <72E40A0F-C923-472F-9534-538B89F7A444@bbn.com>
References: <942CCA6B-B784-441B-96CA-3506FFC439E1@bbn.com> <CALiegfmyQ5h4S2FgBnrh2VLr8+q-h0sLiGsww7T+1VwYNRo4wQ@mail.gmail.com> <72E40A0F-C923-472F-9534-538B89F7A444@bbn.com>
Date: Tue, 06 Sep 2011 17:22:00 +0200
Message-ID: <CALiegfm9GT1B9zseiNfatT1L0JpqihkZ3m=oNz9fA20dx8BVBA@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: General Area Review Team <gen-art@ietf.org>, hybi@ietf.org
Subject: Re: [hybi] Review of draft-ietf-hybi-thewebsocketprotocol-13
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2011 15:20:15 -0000

2011/9/6 Richard L. Barnes <rbarnes@bbn.com>:
> Clearly it already has to be WebSocket aware, and it already has to read the opcode in order to distinguish data frames from control frames.  Adding on a requirement to break at code point boundaries does not seem hugely onerous.  It's three lines of C:

No please. WS framing is like a "transport" layer, not application layer.

> In contrast, *not* requiring breaking at UTF-8 code points means that clients can't do any meaningful validation on text frames.  Which means you might as well get rid of text frames entirely.

I strongly propose changing the meaning of 1007 status code from:

      1007 indicates that an endpoint is terminating the connection
      because it has received data that was supposed to be UTF-8 (such
      as in a text frame) that was in fact not valid UTF-8 [RFC3629].

to:

      1007 indicates that an endpoint is terminating the connection
      because it has received a message that was supposed to be UTF-8
      that was in fact not valid UTF-8 [RFC3629].


WS message format MUST be validated when receiving all the frames
belonging to such message, as message inspection/usage belongs to the
WS application, rather than the WS "transport" layer (frames).

As I've said before, these issues are caused due to the lack of
*logical layers* in the protocol spec.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>

v2.23.0 | Report a Bug | By Email