IETF Logo Mail Archive

Re: [hybi] [whatwg] Web sockets and existing HTTP stacks

Greg Wilkins <gregw@webtide.com> Tue, 22 December 2009 08:33 UTC

Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 973083A68D4 for <hybi@core3.amsl.com>; Tue, 22 Dec 2009 00:33:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.527
X-Spam-Level:
X-Spam-Status: No, score=-2.527 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NykotMmbpHwb for <hybi@core3.amsl.com>; Tue, 22 Dec 2009 00:33:00 -0800 (PST)
Received: from mail-yx0-f192.google.com (mail-yx0-f192.google.com [209.85.210.192]) by core3.amsl.com (Postfix) with ESMTP id 3B9883A6908 for <hybi@ietf.org>; Tue, 22 Dec 2009 00:33:00 -0800 (PST)
Received: by yxe30 with SMTP id 30so6836814yxe.29 for <hybi@ietf.org>; Tue, 22 Dec 2009 00:32:41 -0800 (PST)
Received: by 10.90.61.21 with SMTP id j21mr1667482aga.60.1261470759641; Tue, 22 Dec 2009 00:32:39 -0800 (PST)
Received: from ?10.10.1.11? (60-242-119-126.tpgi.com.au [60.242.119.126]) by mx.google.com with ESMTPS id 14sm3268271gxk.10.2009.12.22.00.32.36 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 22 Dec 2009 00:32:38 -0800 (PST)
Message-ID: <4B308412.1050709@webtide.com>
Date: Tue, 22 Dec 2009 19:32:18 +1100
From: Greg Wilkins <gregw@webtide.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Ian Hickson <ian@hixie.ch>
References: <557ae280911171402v7546e5e7n93a1e57f87dc10e5@mail.gmail.com> <557ae280911200711i5493e654k67c1f5f07336bfb9@mail.gmail.com> <Pine.LNX.4.62.0912032347360.15540@hixie.dreamhostps.com> <4B2C1D52.9020505@webtide.com> <5c902b9e0912181640n497169cdrfa71f9a2908e6ef3@mail.gmail.com> <20091219005442.GA10949@shareable.org> <5c902b9e0912181711o65f31266yd86b8db618a1dcb1@mail.gmail.com> <B0B57710-91BC-4CEC-ABA6-50318038E64B@mnot.net> <4B302D5C.3080904@webtide.com> <Pine.LNX.4.62.0912220227020.18249@hixie.dreamhostps.com>
In-Reply-To: <Pine.LNX.4.62.0912220227020.18249@hixie.dreamhostps.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: hybi@ietf.org
Subject: Re: [hybi] [whatwg] Web sockets and existing HTTP stacks
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2009 08:33:01 -0000

Ian Hickson wrote:
> On Tue, 22 Dec 2009, Greg Wilkins wrote:
>> Mark Nottingham wrote:
>>> There was a fairly long thread initiated by Ian on squid-dev, FYI:
>>>   http://marc.info/?t=124700786100001&r=1&w=2
>>>
>>> That discussion is very similar to this one.
>> This is looking more an more like a hostile takeover bid of port 80.
> 
> Just so we're clear, Web Sockets (then TCPConnection) was originally 
> completely independent of HTTP. It was then requested that the handshake 
> be made HTTP-compatible such that an HTTP server could share its port with 
> a Web Sockets server, so that port 443 could be used (needed to get around 
> man-in-the-middle proxies). Even then, though, the Web Sockets spec 
> originally specifically discouraged the use of port 443 and recommended 
> the use of ports 81 and 815. It was only in response to feedback 
> suggesting that discouraging port 443 was a bad idea that the spec was 
> changed to be neutral on the matter. Then I tried registering ports 81 and 
> 815 and the IANA told me to just use ports 80 and 443.
> 
> So describing this as a "hostile takeover bid" is rather revisionist.

OK fair cop - a bit of an exaggeration.

But now that you have been encouraged to use port 80, then you need
to play by the existing rules on port 80 - up until the time the
upgrade response is sent.   After that, you can go crazy with the
cheeze-whiz on new protocol and any intermediary that does pass
the upgrade, but does not handle the subsequent traffic is in the wrong.

But prior to the upgrade response, you are in HTTP and should be
governed by RFC2616 and not just pretend HTTP.

> It's 
> only through three years of responding to feedback that we've reached this 
> point, and I've done my best to ensure that the handshake really is 
> compatible with HTTP 

Why "compatible with HTTP"?   Why not just be real HTTP prior to the
upgrade?

> to the extent necessary to handle the use cases that
> people have brought to the table.

This list and the squid list and other forums are full of people
raising use-cases that are not supported.    This thread was
started by a post about a C HTTP stack that had difficulty
with the "compatible HTTP", I've posted similar issues with
the Jetty implementation.   The squid list shows how
a caching proxy is having problems with just "compatibility"
and there have been plenty of other use-cases listed
about load balancers, SSL offload, etc. etc.

You have been entirely unsuccessful in convincing anybody
else of the validity of your assertion that binary specified
upgrade requests/responses increases security or serves
any purpose at all.  I've not seen 1 word of support for
that approach from anybody else.

So I'm sorry about the hostile take over bid comment, but
it just reflects my frustration at your intransigence on
this issue.    When existing HTTP infrastructure on port
80 is incompatible with your new protocol, your response
is that we should not use that infrastructure on port 80!

But that is simply not an option.

regards

v2.23.0 | Report a Bug | By Email