Re: [hybi] An alternative design for the web socket handshake
"Roy T. Fielding" <fielding@gbiv.com> Tue, 18 May 2010 01:29 UTC
Return-Path: <fielding@gbiv.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 80F563A6BAF for <hybi@core3.amsl.com>; Mon, 17 May 2010 18:29:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hzqUsXOv6kou for <hybi@core3.amsl.com>; Mon, 17 May 2010 18:29:44 -0700 (PDT)
Received: from spaceymail-a4.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by core3.amsl.com (Postfix) with ESMTP id 255DC28C119 for <hybi@ietf.org>; Mon, 17 May 2010 18:29:44 -0700 (PDT)
Received: from di-524.corp.day.com (wsip-98-189-13-228.oc.oc.cox.net [98.189.13.228]) by spaceymail-a4.g.dreamhost.com (Postfix) with ESMTP id 867F91614BC; Mon, 17 May 2010 18:29:36 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <20100518001145.GN20356@shareable.org>
Date: Mon, 17 May 2010 18:29:34 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <9209C542-81B0-4FCE-9BA3-8C06BF0A1220@gbiv.com>
References: <69603590-B1F1-4F0F-AE04-8F1EDD742D50@apple.com> <4BED0902.2000305@webtide.com> <20100514153843.GA6408@shareable.org> <u2kad99d8ce1005140907p6771e610r20a2160318a43676@mail.gmail.com> <20100515001814.GA13218@shareable.org> <AANLkTil9oCJifCkSdV6fSAfB8v1FIUr8tsxUXPC_xN_W@mail.gmail.com> <AANLkTilllRHES9ZCMczi5qnNslQyB-Xbmx2Pw6anGHQ9@mail.gmail.com> <AANLkTilXsRgFdhReP0uCLrzuCB6BbbFvUq746cQwdtSf@mail.gmail.com> <4FF8E1B1-6A5D-40B7-B722-EBBCF60F51AB@d2dx.com> <AANLkTiniLaBFjkIwfoKBjG7gGV-lEfShm4ew6yzC2DCT@mail.gmail.com> <20100518001145.GN20356@shareable.org>
To: Jamie Lokier <jamie@shareable.org>
X-Mailer: Apple Mail (2.1078)
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] An alternative design for the web socket handshake
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 May 2010 01:29:45 -0000
On May 17, 2010, at 5:11 PM, Jamie Lokier wrote: > Roberto Peon wrote: >> >> Sure. Note that by removing the choice from the user we end up with >> cases where you have tethered your computer to your phone, and the >> proxy is helpfully stripping the bits off of the jpg data for the >> mapping application that you're attempting to use. >> >> Proxies do benefit some users, but, without the user's ability to >> choose to not use them, they can do serious harm. > > I agree. I've had to route around intercepting HTTP proxies a number > of times due to problems they cause, and any WebSocket-intercepting > proxy will no doubt cause problems too. The best way to "route around" intermediaries is to make it easy for them to perform their intended functionality without harm. We should assume that they exist for some reason, even if we happen to disagree with it, and that more reasons (not less) will appear with a new protocol. We should not engage in an arms race over protocol routing, since that will be interpreted by the same folks as inserting a backdoor to bypass organizational security and simply cause them to insert more content-parsing and port-blocking behavior to compensate. As I mentioned back in December, if a client can make a TLS connection (with SNI for same-origin checks) to a server, then why does it need a Websocket protocol? It has TCP already. If you can make the TLS exchange suitably unique, such that it can be distinguished from other TLS traffic, then you can have both an intermediary-proof tunnel and an easy mechanism by which firewalls can block such tunnels without blocking normal https use. That will satisfy the intermediaries. OTOH, if use cases for this hybi protocol are supposed to include many-to-one long-lived connections over the Internet, then any design dependent on per-client TCP is doomed to fail. Even a multiplex connection per client is not going to handle an Internet-scale notification system (it is an old research problem). We should be focusing on message-based protocols, with optional message-based encryption, that are independent of the transport mechanism. It would be far more interesting to me (and beneficial to the net) if the vendors working on this problem would consider using their considerable influence on network consumers to deploy a real solution using a connectionless protocol as transport. I don't care which one, and I don't care if it takes years to deploy on the wider net, just so long as it isn't actively harmful. Game developers do it all the time, and proxy vendors have adjusted their firewall options accordingly. > One reason to consider that proxy actions like keepalive aggregation > and multiplexing/demultiplexing may be necessary despite the possible > difficulties is that WebSocket's traffic profile will differ from HTTP. > > The current draft is oriented around the idea of lots of connections > per browser user - one per WebSocket object. (We've covered why many > WebSocket objects per browser are anticipated.) > > WebSockets are active traffic generators even from unused > (backgrounded) web pages, which users may keep open 24 hours, even > though they only actively browse for a few hours, and then only with a > subset of the open ones. This is because WebSockets used to receive > server-initiated updates must use keepalives all the time - and those > are about equally upstream and downstream. > > In contrast, HTTP is more cautious about the number of connections, > most inactive web pages don't use any (or very little) HTTP traffic, > and the traffic is highly asymmetric. > > We don't yet know how the new traffic profile will fare on various > networks, except some networks we can make better predictions about. > > Actively designing to block proxy acceleration and also make > it difficult to retrofit later, seems unjustifiable because of that, > even if it turns out to be unneeded in most places. > > But I agree there are issues we've all seen from "helpful" HTTP > proxies getting in the way. I wish we could get a list of proxy product names that cause problems, since it has been a very long time since I have seen an HTTP error report concerning them. (since 1996, in fact). We used to be able to get people to fix them in short order, once data loss is revealed to their customers. ....Roy
- [hybi] An alternative design for the web socket h… Adam Barth
- Re: [hybi] An alternative design for the web sock… Mike Belshe
- Re: [hybi] An alternative design for the web sock… John Tamplin
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Ian Hickson
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Ian Hickson
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Scott Ferguson
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Thomson, Martin
- Re: [hybi] An alternative design for the web sock… Thomson, Martin
- Re: [hybi] An alternative design for the web sock… Ian Hickson
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… John Tamplin
- Re: [hybi] An alternative design for the web sock… Adam Barth
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Brad Spencer
- Re: [hybi] An alternative design for the web sock… Adam Barth
- Re: [hybi] An alternative design for the web sock… Rob Sayre
- Re: [hybi] An alternative design for the web sock… Thomson, Martin
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Mike Belshe
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Ian Hickson
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Adam Barth
- Re: [hybi] An alternative design for the web sock… Scott Ferguson
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Mike Belshe
- Re: [hybi] An alternative design for the web sock… Mike Belshe
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… John Tamplin
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Scott Ferguson
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Maciej Stachowiak
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Vladimir Katardjiev
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… Greg Wilkins
- Re: [hybi] An alternative design for the web sock… James Graham
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Vladimir Katardjiev
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Roberto Peon
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Ian Hickson
- Re: [hybi] An alternative design for the web sock… Vladimir Katardjiev
- Re: [hybi] An alternative design for the web sock… Adam Barth
- Re: [hybi] An alternative design for the web sock… Scott Ferguson
- Re: [hybi] An alternative design for the web sock… Adam Barth
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Scott Ferguson
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Jamie Lokier
- Re: [hybi] An alternative design for the web sock… Roy T. Fielding
- Re: [hybi] An alternative design for the web sock… Erik Möller
- Re: [hybi] An alternative design for the web sock… John Tamplin
- Re: [hybi] An alternative design for the web sock… Erik Möller
- Re: [hybi] An alternative design for the web sock… Jamie Lokier