IETF Logo Mail Archive

Re: [hybi] An alternative design for the web socket handshake

"Roy T. Fielding" <fielding@gbiv.com> Tue, 18 May 2010 01:29 UTC

Return-Path: <fielding@gbiv.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 80F563A6BAF for <hybi@core3.amsl.com>; Mon, 17 May 2010 18:29:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hzqUsXOv6kou for <hybi@core3.amsl.com>; Mon, 17 May 2010 18:29:44 -0700 (PDT)
Received: from spaceymail-a4.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by core3.amsl.com (Postfix) with ESMTP id 255DC28C119 for <hybi@ietf.org>; Mon, 17 May 2010 18:29:44 -0700 (PDT)
Received: from di-524.corp.day.com (wsip-98-189-13-228.oc.oc.cox.net [98.189.13.228]) by spaceymail-a4.g.dreamhost.com (Postfix) with ESMTP id 867F91614BC; Mon, 17 May 2010 18:29:36 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <20100518001145.GN20356@shareable.org>
Date: Mon, 17 May 2010 18:29:34 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <9209C542-81B0-4FCE-9BA3-8C06BF0A1220@gbiv.com>
References: <69603590-B1F1-4F0F-AE04-8F1EDD742D50@apple.com> <4BED0902.2000305@webtide.com> <20100514153843.GA6408@shareable.org> <u2kad99d8ce1005140907p6771e610r20a2160318a43676@mail.gmail.com> <20100515001814.GA13218@shareable.org> <AANLkTil9oCJifCkSdV6fSAfB8v1FIUr8tsxUXPC_xN_W@mail.gmail.com> <AANLkTilllRHES9ZCMczi5qnNslQyB-Xbmx2Pw6anGHQ9@mail.gmail.com> <AANLkTilXsRgFdhReP0uCLrzuCB6BbbFvUq746cQwdtSf@mail.gmail.com> <4FF8E1B1-6A5D-40B7-B722-EBBCF60F51AB@d2dx.com> <AANLkTiniLaBFjkIwfoKBjG7gGV-lEfShm4ew6yzC2DCT@mail.gmail.com> <20100518001145.GN20356@shareable.org>
To: Jamie Lokier <jamie@shareable.org>
X-Mailer: Apple Mail (2.1078)
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] An alternative design for the web socket handshake
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 May 2010 01:29:45 -0000

On May 17, 2010, at 5:11 PM, Jamie Lokier wrote:

> Roberto Peon wrote:
>> 
>>   Sure. Note that by removing the choice from the user we end up with
>>   cases where you have tethered your computer to your phone, and the
>>   proxy is helpfully stripping the bits off of the jpg data for the
>>   mapping application that you're attempting to use.
>> 
>>   Proxies do benefit some users, but, without the user's ability to
>>   choose to not use them, they can do serious harm.
> 
> I agree.  I've had to route around intercepting HTTP proxies a number
> of times due to problems they cause, and any WebSocket-intercepting
> proxy will no doubt cause problems too.

The best way to "route around" intermediaries is to make it easy
for them to perform their intended functionality without harm.
We should assume that they exist for some reason, even if we happen
to disagree with it, and that more reasons (not less) will appear
with a new protocol.  We should not engage in an arms race over
protocol routing, since that will be interpreted by the same folks
as inserting a backdoor to bypass organizational security and
simply cause them to insert more content-parsing and port-blocking
behavior to compensate.

As I mentioned back in December, if a client can make a TLS connection
(with SNI for same-origin checks) to a server, then why does it need
a Websocket protocol?  It has TCP already.  If you can make the TLS
exchange suitably unique, such that it can be distinguished from other
TLS traffic, then you can have both an intermediary-proof tunnel and
an easy mechanism by which firewalls can block such tunnels without
blocking normal https use.  That will satisfy the intermediaries.

OTOH, if use cases for this hybi protocol are supposed to include
many-to-one long-lived connections over the Internet, then any design
dependent on per-client TCP is doomed to fail.  Even a multiplex
connection per client is not going to handle an Internet-scale
notification system (it is an old research problem).  We should be
focusing on message-based protocols, with optional message-based
encryption, that are independent of the transport mechanism.

It would be far more interesting to me (and beneficial to the net)
if the vendors working on this problem would consider using their
considerable influence on network consumers to deploy a real
solution using a connectionless protocol as transport.  I don't
care which one, and I don't care if it takes years to deploy on
the wider net, just so long as it isn't actively harmful.
Game developers do it all the time, and proxy vendors have
adjusted their firewall options accordingly.

> One reason to consider that proxy actions like keepalive aggregation
> and multiplexing/demultiplexing may be necessary despite the possible
> difficulties is that WebSocket's traffic profile will differ from HTTP.
> 
> The current draft is oriented around the idea of lots of connections
> per browser user - one per WebSocket object.  (We've covered why many
> WebSocket objects per browser are anticipated.)
> 
> WebSockets are active traffic generators even from unused
> (backgrounded) web pages, which users may keep open 24 hours, even
> though they only actively browse for a few hours, and then only with a
> subset of the open ones.  This is because WebSockets used to receive
> server-initiated updates must use keepalives all the time - and those
> are about equally upstream and downstream.
> 
> In contrast, HTTP is more cautious about the number of connections,
> most inactive web pages don't use any (or very little) HTTP traffic,
> and the traffic is highly asymmetric.
> 
> We don't yet know how the new traffic profile will fare on various
> networks, except some networks we can make better predictions about.
> 

> Actively designing to block proxy acceleration and also make
> it difficult to retrofit later, seems unjustifiable because of that,
> even if it turns out to be unneeded in most places.
> 
> But I agree there are issues we've all seen from "helpful" HTTP
> proxies getting in the way.

I wish we could get a list of proxy product names that
cause problems, since it has been a very long time since I have
seen an HTTP error report concerning them. (since 1996, in fact).
We used to be able to get people to fix them in short order, once
data loss is revealed to their customers.

....Roy

v2.23.0 | Report a Bug | By Email