[hybi] Questions and comments on draft-hybi-thewebsocketprotocol-10

Mark Nottingham <mnot@mnot.net> Mon, 18 July 2011 07:07 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3659421F8AEA for <hybi@ietfa.amsl.com>; Mon, 18 Jul 2011 00:07:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.812
X-Spam-Status: No, score=-105.812 tagged_above=-999 required=5 tests=[AWL=-3.213, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id X44rgARAaaTi for <hybi@ietfa.amsl.com>; Mon, 18 Jul 2011 00:07:08 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net []) by ietfa.amsl.com (Postfix) with ESMTP id EFD2321F8700 for <hybi@ietf.org>; Mon, 18 Jul 2011 00:07:07 -0700 (PDT)
Received: from chancetrain-lm.mnot.net (unknown []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id F00F850A64 for <hybi@ietf.org>; Mon, 18 Jul 2011 03:07:00 -0400 (EDT)
From: Mark Nottingham <mnot@mnot.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 18 Jul 2011 17:06:57 +1000
Message-Id: <4C26A6A5-DA13-45A3-9DBA-D2515DF923CD@mnot.net>
To: "hybi@ietf.org HTTP" <hybi@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Subject: [hybi] Questions and comments on draft-hybi-thewebsocketprotocol-10
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2011 07:07:12 -0000


I've just read through -10, and wanted to ask a few questions. These are NOT (yet) Last Call comments, as I haven't kept up with the hybi list for a while, and haven't reviewed a draft since around -06. 

In other words, I'd like to understand things a bit more before making LC comments; there may be good reasons for the few things I saw that raised my eyebrows.

1) I missed the end of the handshake saga; can someone speak to why GET was chosen over, say, OPTIONS? Roy seems to have strong feelings about that (see recent discussion on HTTPbis).

2) The Upgrade token has no version; e.g., from the examples in 1.2:
    Upgrade: websocket
Why? The protocol version seems to be carried in the Sec-WebSocket-Version header; could it not be moved (or copied) to the upgrade token?

3) The last paragraph of 1.2 seems to be a bit of a non-sequiter; all protocols need framing, not just those used by event-driven implementations.

4) Section 3 defines two new URI schemes for WebSockets, but the handshake is entirely HTTP-based, and the default ports are HTTP's. Why is a new URI scheme needed here? I understand that client software needs something to trigger the upgrade from, but why use the scheme, instead of (for example) the API? Is it expected that WS: URIs will be used in other places URIs are used, such as in HTML elements like A / IMG / SCRIPT, or in browser location bars?

Having two URL schemes use the same default port doesn't feel right.

5) In the diagram at the start of 4.2, the dotted horizontal line in the left hand side of the "extended payload length continued" is a bit confusing, I think. YMMV.

6) In section 9.1., private-use-token is defined as having an "x-" prefix. This goes against emerging BCP, see draft-saintandre-xdash.

7) The contact field for registry entries in 11.13 is listed as 'hybi@ietf.org'org'. Is that list going to persist? Common practice is to use iesg@ietf.org AIUI.


Mark Nottingham   http://www.mnot.net/