Re: [hybi] More feedback on WebSockets

Ian Hickson <ian@hixie.ch> Tue, 27 October 2009 21:05 UTC

Date: Tue, 27 Oct 2009 21:06:04 +0000
From: Ian Hickson <ian@hixie.ch>
To: Greg Wilkins <gregw@webtide.com>
Message-ID: <Pine.LNX.4.62.0910272104140.25608@hixie.dreamhostps.com>
Cc: hybi@ietf.org
Subject: Re: [hybi] More feedback on WebSockets

On Wed, 28 Oct 2009, Greg Wilkins wrote:
> > 
> > For the packet-forwarding ones, are we talking about inserting a 
> > header on incoming connections (client to server) or outgoing 
> > responses (server back to client)?
> 
> Again - there are a huge number of variations.
> 
> But inserting X-forwarded-for headers on requests and Via headers on 
> responses is common. So is setting cookies on responses so that 
> subsequent connections can be balanced the same. Also SSL offload will 
> want to set certificate details in the request header.

It sounds like there are some intermediaries that are harmless and would 
work fine, and others that are harmful and which WebSocket would correctly 
detect and prevent connections through. If someone wants to deploy a 
WebSocket server behind the latter, they'll quickly discover the problem, 
so it doesn't seem like it'd be a barrier to adoption. It's client-side 
intermediaries that are the main concern (and for which TLS-based 
WebSocket is the most obvious solution in most cases).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'