Re: [hybi] workability (or otherwise) of HTTP upgrade
Zhong Yu <zhong.j.yu@gmail.com> Thu, 09 December 2010 06:53 UTC
Return-Path: <zhong.j.yu@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 702583A6A0E for <hybi@core3.amsl.com>; Wed, 8 Dec 2010 22:53:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.442
X-Spam-Level:
X-Spam-Status: No, score=-2.442 tagged_above=-999 required=5 tests=[AWL=-0.682, BAYES_00=-2.599, J_CHICKENPOX_42=0.6, RCVD_IN_DNSWL_LOW=-1, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PN7zjYa8kKW for <hybi@core3.amsl.com>; Wed, 8 Dec 2010 22:53:10 -0800 (PST)
Received: from mail-ew0-f53.google.com (mail-ew0-f53.google.com [209.85.215.53]) by core3.amsl.com (Postfix) with ESMTP id 7E7F33A6A1D for <hybi@ietf.org>; Wed, 8 Dec 2010 22:53:09 -0800 (PST)
Received: by ewy6 with SMTP id 6so1469047ewy.40 for <hybi@ietf.org>; Wed, 08 Dec 2010 22:54:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=pY59V3T6RQD6Vv9fXYBCwkS0OplSasjnoi02pLiIhho=; b=mxOzPYT0NJ4f2LdlIX6BfKPvJYSdEa6argMPPZ/Q38QgSoiSiDGrb6zPPcf1TYfYFM MLwRDr6Zpbc5QZlXuijLeYjipeY0HUYxN33XJdw/n6TsCLtza5bQG9w/xSfWm2FPi3PT F59NeP4XZR2CQoDBfajx4lKYqepQLgX/Y5qBM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=B5V79YZLURR74V5pDZ5GBeZARZMoXB6/TyaxBeVJpDmWtO3Wj23s/MMDg9KPxyvEsE nQrUzz0s692tAZrFJtoBLsfyW/FmH8Frho870Z6miPGY2RWBSpmnblthmM0KD6dYHjqe Ynr78jkJbdAeTkUHpLqEjzBCLXNZ93d/wjYFo=
MIME-Version: 1.0
Received: by 10.213.32.6 with SMTP id a6mr10369060ebd.62.1291877677638; Wed, 08 Dec 2010 22:54:37 -0800 (PST)
Received: by 10.213.16.142 with HTTP; Wed, 8 Dec 2010 22:54:37 -0800 (PST)
In-Reply-To: <AANLkTi=k0Czvm_pW=N3zPAGZdKyqZGduGJUp8dk3PByX@mail.gmail.com>
References: <F4D1B715-3606-4E9A-BFB2-8B7BC11BE331@mnot.net> <57D4B885-B1D8-482F-8747-6460C0FFF166@apple.com> <37A00E8D-B55C-49AD-A85C-A299C80FFF17@mnot.net> <4F2580A7-79C2-4B0A-BCE5-7FB6D9AA0ED7@apple.com> <BB31C4AB95A70042A256109D461991260583956C@XCH117CNC.rim.net> <EA41A6C7-971C-4EC8-AA6F-96363B7FDC4C@gmail.com> <73E53F19-E0E7-4ADB-B765-ABAF0B4A6736@mnot.net> <r2f0g6d7bj770kg0db5ptr027ninmckns8@hive.bjoern.hoehrmann.de> <20C2FBB9-901F-4235-AF23-EC8262585905@mnot.net> <mgj0g6hseqb6j92au80f8d1ook058nb33m@hive.bjoern.hoehrmann.de> <25E88686-BE24-4EFD-8330-25916C891664@mnot.net> <AANLkTi=k0Czvm_pW=N3zPAGZdKyqZGduGJUp8dk3PByX@mail.gmail.com>
Date: Thu, 09 Dec 2010 00:54:37 -0600
Message-ID: <AANLkTik=aKo1+_-SGga=U8-jsTGAjy9exhNxH4beG2Ah@mail.gmail.com>
From: Zhong Yu <zhong.j.yu@gmail.com>
To: Jack Moffitt <jack@collecta.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: hybi HTTP <hybi@ietf.org>
Subject: Re: [hybi] workability (or otherwise) of HTTP upgrade
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 06:53:11 -0000
On Wed, Dec 8, 2010 at 10:10 PM, Jack Moffitt <jack@collecta.com> wrote: > One path is to combine the separate port idea along with the encryption based approach. Great argument! I think you nailed it. Guys, please hear this out. Because we can always achieve the highest success rate with WSS on port 433, we can, and we shall, completely drop the concern of success rate from WS protocol design. Success rate is a problem only in the early phase of WS adoption, and even then majority of applications won't be affected, since their target users are home users with simple networks. Of course we must care about "serious" applications that strive to reach every internet user, especially users behind corporate firewalls. The good news is, there is *the* perfect solution -- WSS:433. These companies can certainly afford this solution. Actually such applications probably shall use TLS anyway just for data privacy. According to http://www.ietf.org/mail-archive/web/hybi/current/msg05003.html the success rate of TLS on 433 is about 95%. There is *nothing* WS can do to beat that. Whichever trick we put in WS to improve success rate will be in vain, because people who really care about success rate must do WSS:433 anyway. If we drop the concern of success rate from WS design, we gain a lot of freedom. No more Upgrade or CONNECT, it's moot. Simply design a brand new syntax that's completely independent of HTTP. In the early phase of WS adoption, we will advise developers that plain WS could have problems with some firewalls for some users. They should measure *their* success rate against *their* user base. If the success rate is unacceptable, they can always fall back on WSS:433. WS clients should relax the rules of certificate validation. Don't panic on self-signed certificates like current browsers do which doesn't make any sense. If WSS with self-signed certificates are not treated more badly than plain WS, frugal application developers don't need to spend any money to use WSS for the purpose of improving success rate. WS server can even automate self-signed certificate so that developers don't need to spend much time either. If WS and HTTP syntax are completely different, it is still not a problem for them to share port(if so desired), as long as WS traffic has some magic text at the start. Web servers must be modified if they want to handle WS, that is to be expected. WS and HTTP are so different in modes of operation, it's unrealistic to require that WS can be implemented as a module to an existing HTTP server, without touching the HTTP server itself. If we drop the HTTP head from WS, it will only reduce overall work for server implementors. There are other server side components that also have to be upgraded to handle WS. We should not be too sympathetic to them. We got enough problems already, server side inconvenience should have the lowest priority. Separation of WS and HTTP will be more beneficial to the server side people. Mixing WS and HTTP will become a perpetual source of trouble. - Zhong Yu On Wed, Dec 8, 2010 at 10:10 PM, Jack Moffitt <jack@collecta.com> wrote: > One path is to combine the separate port idea along with the > encryption based approach. On the WebSocket port, you could avoid all > the intermediary issues, but perhaps be limited by firewalls. > However, you would not need any obfuscation and could easily use > sendfile(). On the TLS port you use NPN to get a WebSocket that is > not going to cause security problems with intermediaries. > > For the short term, we get WebSocket on the port with the highest > success rate, and in the long term, we have firewalls accepting the > new port as killer applications make people care. > > If we're going to lose the sendfile(), why not go the rest of the way? > Or is there something I'm missing in the port 80 but just XORed case? > > jack. > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- [hybi] workability (or otherwise) of HTTP upgrade Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… Adam Barth
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… Julian Reschke
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Julian Reschke
- Re: [hybi] workability (or otherwise) of HTTP upg… Jamie Lokier
- Re: [hybi] workability (or otherwise) of HTTP upg… William A. Rowe Jr.
- Re: [hybi] workability (or otherwise) of HTTP upg… William A. Rowe Jr.
- Re: [hybi] workability (or otherwise) of HTTP upg… Roy T. Fielding
- Re: [hybi] workability (or otherwise) of HTTP upg… Adam Barth
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Eric Rescorla
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Eric Rescorla
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Roy T. Fielding
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Adam Barth
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… Adrien de Croy
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Dave Cridland
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… Joe Mason
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… William A. Rowe Jr.
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Adam Barth
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… Brian McKelvey
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Bjoern Hoehrmann
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Bjoern Hoehrmann
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Jack Moffitt
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… Maciej Stachowiak
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Adrien de Croy
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Collin Jackson
- Re: [hybi] workability (or otherwise) of HTTP upg… Mark Nottingham
- Re: [hybi] workability (or otherwise) of HTTP upg… SM
- Re: [hybi] workability (or otherwise) of HTTP upg… Pat McManus @Mozilla
- Re: [hybi] workability (or otherwise) of HTTP upg… Scott Ferguson
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Gabriel Montenegro
- Re: [hybi] workability (or otherwise) of HTTP upg… Simon Pieters
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Simon Pieters
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… John Tamplin
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Bjoern Hoehrmann
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Bjoern Hoehrmann
- Re: [hybi] workability (or otherwise) of HTTP upg… Greg Wilkins
- Re: [hybi] workability (or otherwise) of HTTP upg… Martin J. Dürst
- Re: [hybi] workability (or otherwise) of HTTP upg… Willy Tarreau
- Re: [hybi] workability (or otherwise) of HTTP upg… Simon Pieters
- Re: [hybi] workability (or otherwise) of HTTP upg… James Graham
- Re: [hybi] workability (or otherwise) of HTTP upg… Michael
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu
- Re: [hybi] workability (or otherwise) of HTTP upg… Zhong Yu