Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt

Mike Bishop <Michael.Bishop@microsoft.com> Wed, 18 October 2017 18:00 UTC

Return-Path: <Michael.Bishop@microsoft.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 244DB132C2A for <hybi@ietfa.amsl.com>; Wed, 18 Oct 2017 11:00:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1JroP7DVK4dE for <hybi@ietfa.amsl.com>; Wed, 18 Oct 2017 10:59:58 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0105.outbound.protection.outlook.com [104.47.36.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B62A613300C for <hybi@ietf.org>; Wed, 18 Oct 2017 10:59:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=JDYtFh0fvch8KSQ5FKZhurXq6d0rdKgV1z3cdnDvtsc=; b=iSXfJl4vbe5xPVNGzeDzcbbegUNSvQVKeRGAQEi1zMFce9M598hpJNQ+ptJ+cRGDx4BA75oMuzjGgDM5UlIVNDrRlV2t2v3CB4aWa85jLqhsplkBKtTOi8qLHsAnuQQuBqIrLibdgVbkEttmawHx5J3uaxmtRANO20RMK+wBzp0=
Received: from MWHPR21MB0141.namprd21.prod.outlook.com (10.173.52.11) by MWHPR21MB0175.namprd21.prod.outlook.com (10.173.52.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.178.1; Wed, 18 Oct 2017 17:59:54 +0000
Received: from MWHPR21MB0141.namprd21.prod.outlook.com ([10.173.52.11]) by MWHPR21MB0141.namprd21.prod.outlook.com ([10.173.52.11]) with mapi id 15.20.0178.002; Wed, 18 Oct 2017 17:59:54 +0000
From: Mike Bishop <Michael.Bishop@microsoft.com>
To: Patrick McManus <pmcmanus@mozilla.com>, Stefan Eissing <stefan.eissing@greenbytes.de>
CC: Andy Green <andy@warmcat.com>, Martin Thomson <martin.thomson@gmail.com>, hybi <hybi@ietf.org>, Cory Benfield <cory@lukasa.co.uk>, McManus Patrick <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt
Thread-Index: AQHTRnkXSa3fJMYEE0KGC67TZNNyA6LmtAUggABLXYCAAMADgIAAXa0AgAAcXDCAAa0pEA==
Date: Wed, 18 Oct 2017 17:59:54 +0000
Message-ID: <MWHPR21MB01415416D25047646965567B874D0@MWHPR21MB0141.namprd21.prod.outlook.com>
References: <150807649389.12130.9191022211105955718.idtracker@ietfa.amsl.com> <CAOdDvNqhaTJmLcEk3CwBBaAbdOroc4U46z+nJzC7+chd1ErSDA@mail.gmail.com> <FEBB57D4-E841-4F45-9B62-81FFC653FF70@lukasa.co.uk> <0F93FB58-579D-4F52-8F22-5FEAFBC99165@warmcat.com> <CAOdDvNpCVxsaKEzoW3EWsK1hmWSBPOP+GHnK-DcP4QO4om_khQ@mail.gmail.com> <f4bb6b5c-b12e-dc59-6faa-15588b692574@warmcat.com> <CABkgnnUfDwYmxi72f-x=z=iwf4+3L_rcLqufJRYvEMpP=Fb3MA@mail.gmail.com> <a4229e61-fb04-30b1-f2c7-a862645d0059@warmcat.com> <CABkgnnX0uXm1mDHL+dy6Z+mCZdofkEshd5jy-a0jV-Hsp88yQA@mail.gmail.com> <3dd5002d-49ca-4af5-1b38-f1dbe530b98e@warmcat.com> <CABkgnnWfTcGyUDBfSs1S+M4xaeELZKXa=9JP79kKKvsSjL_ouA@mail.gmail.com> <dda4b424-b2e3-7096-c2ce-f61e54df2384@warmcat.com> <CABkgnnVeXGzw2HjxkUWW8O_EOjhe6j3p1yqJUuezvMnBtHxtLQ@mail.gmail.com> <e971cda1-f022-50a6-0e3b-d1a264d6f358@warmcat.com> <CAOdDvNrZf-19CmPnZFma_H+iajVgXkUjFiPH0jX3MAVVKju5hg@mail.gmail.com> <MWHPR21MB0141A705D0182DA51B934280874F0@MWHPR21MB0141.namprd21.prod.outlook.com> <CAOdDvNpCGnZcAUaVaVq7eOLkvQFMbd5qf5BAX30nR8iU9=696A@mail.gmail.com> <1B8ED5DE-6147-4463-AA8C-561B6E03C1F0@greenbytes.de> <CAOdDvNrKDEhbFzdMfOwZOBr8pTSJiMqmYs0VDPpSsQr_TUhQig@mail.gmail.com> <MWHPR21MB01415F7DABA1F6804AFD2669874C0@MWHPR21MB0141.namprd21.prod.outlook.com>
In-Reply-To: <MWHPR21MB01415F7DABA1F6804AFD2669874C0@MWHPR21MB0141.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:c::28b]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR21MB0175; 6:sL26QgU9fwGm0Narta1tsafmyvxLgSflWjx1kxIGwAdnDDmGYUyrjxJBiqL1yxmYKBfGPR7+8tyyZN+kESr+fGI+TOXFq7VynX0Ha8t7p8KtwzI0HbBWVZdKp/If2/cGqJo7CsWJlwmKnNG3EQuUzMyVu3K8aR+j4I4farOsM2vsS0uLdJkfG6D3dBpIJ9mFg/CpN7ypSTAQgTeN0j/t6Evmqq3pqT5P1vu9pMwxPz6XDks6Dcd6KsDMF3v4seUew0Aw/oYqwWExs94vmyH2pnCv4Ts6uXUS5McQ3+nP3v+b1oJ44YwvdNb4I29+X3uUAxTllSMJiWgQOsNDmjaUBflr4Uqo68LPkp0yMMa2CeE=; 5:PKNoanSn/yYsGJkX7qWktbtZNKrwlomz7zOqcQObcZFGsMOlcPBNGKZbr74Y7G6C20TvqZBx05XdpbTslxQYVxL31HzRSu6tRJbpBTPP/WO9u1HQdV6KZaExQ4+C7N9/AnYJ97rnBb3bt5ym7KnKl783liqzm3dAgge6m0xC7nw=; 24:qTNxYLisUe34Vi1FBFIA7SClTK4fefCq0sQX4wvUTTp+EtpARpE9mx8VEz2L9aEuprr/lRKAklgZymRXZtjhirbhUwWUnxFUazx/mY4nmEA=; 7:nPk97E/3S9BSEEhaGaEjieIm3kIW6d54dMxnxIGc/C07nvTvvEC/z5KXSOTyyKysMhbyE+Ct+/JXqsMXdm6a5Q12wBWmpPAUWmBY4QxWmqSMqLgKS1xO/+/Li66ZIPQZdALSS4eT+HFO8gYok2Oh+FXDRIdSsmTGpeoauPBUa3Za/Jo8joOoUfEZFlUMgUS02iivaWhH+5J+MGrynXgTsQkOABcMiaK5divME3g6HJ1Leym1l6uvBQjdvbnmfRbu
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 86b014de-a12b-4cb0-05b2-08d5165209c0
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603224)(201703131423075)(201703031133081)(201702281549075); SRVR:MWHPR21MB0175;
x-ms-traffictypediagnostic: MWHPR21MB0175:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Bishop@microsoft.com;
x-exchange-antispam-report-test: UriScan:(158342451672863)(89211679590171)(100405760836317)(21748063052155)(21532816269658)(17755550239193);
x-microsoft-antispam-prvs: <MWHPR21MB01750F0B7BF7A2FDA3693B96874D0@MWHPR21MB0175.namprd21.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(8121501046)(5005006)(10201501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(6055026)(61426038)(61427038)(6041248)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:MWHPR21MB0175; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:MWHPR21MB0175;
x-forefront-prvs: 0464DBBBC4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(346002)(47760400005)(24454002)(199003)(189002)(377454003)(77096006)(50986999)(76176999)(236005)(9686003)(74316002)(54896002)(478600001)(6436002)(54906003)(53936002)(55016002)(99286003)(2950100002)(7110500001)(7696004)(189998001)(7736002)(53546010)(14454004)(110136005)(8990500004)(10290500003)(5660300001)(19609705001)(8936002)(54356999)(347745004)(3660700001)(6306002)(106356001)(72206003)(105586002)(8676002)(6506006)(3280700002)(790700001)(316002)(102836003)(6116002)(97736004)(229853002)(33656002)(25786009)(101416001)(93886005)(22452003)(81166006)(2900100001)(39060400002)(86612001)(6246003)(10710500007)(4326008)(81156014)(230783001)(15650500001)(2420400007)(10090500001)(2906002)(86362001)(68736007); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR21MB0175; H:MWHPR21MB0141.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MWHPR21MB01415416D25047646965567B874D0MWHPR21MB0141namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 86b014de-a12b-4cb0-05b2-08d5165209c0
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Oct 2017 17:59:54.8621 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR21MB0175
Archived-At: <https://mailarchive.ietf.org/arch/msg/hybi/FHFhyUI0DLHDLZqmHu0skXFMFLo>
Subject: Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hybi/>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Oct 2017 18:00:02 -0000

Having discussed with our dev lead, I think there’s one other barrier here:  State machine.  WebSocket requests that support Upgrade have to go to the resource to decide whether to accept them, and having two “encapsulated” requests is challenging.  Likewise, the client sends two requests, which contorts the exposed state machine on that side.  We could lie and use the states that exist for connecting via a proxy, but if the client isn’t expecting to use a proxy that’s equally problematic.

I think we’re amenable to defining a way to define upgrade-of-stream, but the double-upgrade model is challenging.

Also, he pointed out that legacy WebSockets had the useful property that an unsupporting server would simply handle the vanilla GET, rather than failing entirely.  The server setting partially mitigates that, but you still don’t know which protocols the server is willing to consider.

From: Mike Bishop
Sent: Tuesday, October 17, 2017 9:34 AM
To: 'Patrick McManus' <pmcmanus@mozilla.com>;; Stefan Eissing <stefan.eissing@greenbytes.de>;
Cc: Andy Green <andy@warmcat.com>;; Martin Thomson <martin.thomson@gmail.com>;; hybi <hybi@ietf.org>;; Cory Benfield <cory@lukasa.co.uk>;; McManus Patrick <mcmanus@ducksong.com>;; HTTP Working Group <ietf-http-wg@w3.org>;
Subject: RE: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt

This is somewhat conjecture, since I haven’t gone over it with our dev team, but I think it plays out to (c).  We’ve had enough people ask for WebSocket support, it will eventually happen if there’s an interoperable way to do it.  IIRC, Upgrade is pluggable. When a protocol upgrades to websocket, we check if there’s a handler for that protocol.  If so, we return 101 and give control of the TCP connection to that handler; the HTTP layer becomes passthrough.

If we have to support pulling in HTTP/1.1 parsing to that stream simply to do an Upgrade, that’s an additional scenario we have to support in-line first, and an extra layer to go passthrough in the hopefully-common case.  I’d rather be able to hand the stream directly to the WebSocket library (owned by a different team) and be done, even if it means there’s an H2-specific Upgrade path.  (Which, it turns out, there is in this draft already.)

We could still decide to support H2-“upgrade”-to-H1 in the future, but it would be because that’s a feature we found we needed for some reason, not because it was an annoying stepping-stone to something we actually wanted.  (In fact, our most common reason to issue HTTP_1_1_REQUIRED is client certificates, which this won’t help.)

From: Patrick McManus [mailto:pmcmanus@mozilla.com]
Sent: Tuesday, October 17, 2017 7:34 AM
To: Stefan Eissing <stefan.eissing@greenbytes.de<mailto:stefan.eissing@greenbytes.de>>
Cc: Patrick McManus <pmcmanus@mozilla.com<mailto:pmcmanus@mozilla.com>>; Mike Bishop <Michael.Bishop@microsoft.com<mailto:Michael.Bishop@microsoft.com>>; Andy Green <andy@warmcat.com<mailto:andy@warmcat.com>>; Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>>; hybi <hybi@ietf.org<mailto:hybi@ietf.org>>; Cory Benfield <cory@lukasa.co.uk<mailto:cory@lukasa.co.uk>>; McManus Patrick <mcmanus@ducksong.com<mailto:mcmanus@ducksong.com>>; HTTP Working Group <ietf-http-wg@w3.org<mailto:ietf-http-wg@w3.org>>
Subject: Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt

Clearly substituting the h1 exchange out in favor of a new websockets specific exchange that contained sub-protocol and version tokens would look better on paper... I actually thought diverging from 6455 would make people LESS likely to implement. Maybe I'm wrong.

So let's poll - please speak up if you have a ws impl (either client or server):

If the spec added a new websockets specific parameter negotiation and removed the H1 syntax it would make me
 a] MORE likely to implement
 b] LESS likely to implement
 c] wouldn't change my behavior but I like it more
 d] wouldn't change my behavior but it would be more painful (or like it less)
 e] really don't care at all.

On Tue, Oct 17, 2017 at 4:58 AM, Stefan Eissing <stefan.eissing@greenbytes.de<mailto:stefan.eissing@greenbytes.de>> wrote:


> Am 16.10.2017 um 23:31 schrieb Patrick McManus <pmcmanus@mozilla.com<mailto:pmcmanus@mozilla.com>>:
>
> On Mon, Oct 16, 2017 at 1:13 PM, Mike Bishop <Michael.Bishop@microsoft.com<mailto:Michael.Bishop@microsoft.com>> wrote:
[...]
>
> I hear what you're saying.. but I think you're going a touch too far. websocket means 6455 which has all that h1 stuff as part of its configuration.. I think it would be totally fair to say such a server could have a more constrained parser that failed any non-ws compliant handshake even if it were valid h1. Mostly I think it becomes an insanely ugly what to do websocket parameter exchange.
>
> I think of origin info (scheme and authority) more as keys to route the CONNECT request.. it's :protocol that defines what to do in the tunnel. I admit I did consider calling it :alpn (which has a similar kind of property.. its a route of sorts but it doesn't bear the SETTINGS or magic of h2)

Me stupid. Me asking, why not :upgrade?

ht;dr (have time, do read)

As proposed, the CONNNECT seems to say: let's talk HTTP/1.1 on this stream from now on, afaict.

From a server implementation pov that opens a larger can of worms. It would mean warming up the HTTP/1.1 engine for the DATA on this stream. That needs some extra care so that it does only safe things inside a h2 stream. On first glance, it seems to be easier and safer to do the stream :upgrade inside the h2 protocol handling itself.

Just my initial gut reaction...

-Stefan

> You have kind of let the cat out of the bag at just doing an h1 connect. That's actually possible with the draft (or at least envisioned) as I defined :protocol separate from the websocket specific stuff... but I kinda hope to never speak of it again :)
>
> This is a tough one - its definitely going for simplicity as its main goal.. that means ignoring many places that can be improved. That's a choice based on
>  a] the history of other efforts seem to suggest there is no stomach for complexity/risk here
>  b] we hear about this problem enough that I think its worth seeing if this can be m ade a consensus mvp
>  c] my belief that websockets is a transitional technology - it will be around for years but some kind of native http will supplant it.
>
> ymmv (more than usual on this one!)
>
> -P
>
>
>
>
> Given that you’re doing the full Upgrade-to-WebSockets dance inside the tunneled connection, why don’t you just say that you’re CONNECTing to an HTTP/1.1 tunnel?  That’s then treated as HTTP/1.1 over TCP, which is fully allowed to do Upgrade itself.  If you’re sure that’s the path you want, then simply say in the HTTP/2 layer that you’re doing HTTP/1.1 inside the stream.  Incidentally, that might be a nice alternative for dealing with HTTP_1_1_REQUIRED responses, too!
>
>
>
> From: Patrick McManus [mailto:pmcmanus@mozilla.com<mailto:pmcmanus@mozilla.com>]
> Sent: Monday, October 16, 2017 5:16 AM
> To: Andy Green <andy@warmcat.com<mailto:andy@warmcat.com>>
> Cc: Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>>; Patrick McManus <pmcmanus@mozilla.com<mailto:pmcmanus@mozilla.com>>; hybi <hybi@ietf.org<mailto:hybi@ietf.org>>; Cory Benfield <cory@lukasa.co.uk<mailto:cory@lukasa.co.uk>>; Patrick McManus <mcmanus@ducksong.com<mailto:mcmanus@ducksong.com>>; HTTP Working Group <ietf-http-wg@w3.org<mailto:ietf-http-wg@w3.org>>
> Subject: Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt
>
>
>
>
>
>
>
> On Mon, Oct 16, 2017 at 12:44 AM, Andy Green <andy@warmcat.com<mailto:andy@warmcat.com>> wrote:
>
>
> You can probably pipeline the CONNECT + ws handshake though, Patrick shows them sequentially and I didn't think about it myself.
>
>
>
> right. The example is just for clarity and cannot show all expressions of h2 flows.
>
>
>
> CONNECT + DATA before the response headers is pretty much the h2 analog of TCP Fast Open. The devil is in the details.. That's a general CONNECT + DATA issue not limited to the protocol upgrade described here so I don't think its worth discussion in a websockets rfc.
>
>
>
> I think the path to success here hinges on a very tight scoping of work and therefore optimizing handshake latency is a non-goal of this effort.
>
>
>
>
>
> Still only two round trips.
>
>
>  - SETTINGS                      - SETTINGS
>  - GET /index.html
>                  - 200 HEADERS + DATA
>
>  - :method CONNECT
>  - DATA ws handshake
>                   - 200 HEADERS
>                   - DATA ws handshake final
>                   - DATA...
>
>  - DATA ...             - DATA...
>
> With the part of the pipelining that is legal for ws, two round trips before the client can start to send data and 1.5 before the server can send data... if it's true then you're right it's not so bad.
>
> Were you concerned that the client needs to learn that the server
> supports websockets and not just :protocol?
>
>
> No I just followed Patrick's sequencing; he shows them serialized.  But you're right at least the CONNECT + ws handshake can probably be pipelined.
>
> That's also going to be a variation from normal h2 HEADERS flow if I understood it, on one stream there will be END_HEADERs coming twice (for the CONNECT and the ws handshake separately)
>
> Anyway you are right, it makes any difference with PUSH_PROMISE probably not worth the effort.
>
> -Andy
>
>
>
>