Re: [hybi] New Version Notification for draft-mcmanus-httpbis-h2-websockets-00.txt
Jesse Wilson <jesse@swank.ca> Mon, 16 October 2017 08:34 UTC
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Andy Green <andy@warmcat.com>, Cory Benfield <cory@lukasa.co.uk>, HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>, Patrick McManus <mcmanus@ducksong.com>, hybi <hybi@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hybi/Mpa9zZVpgeDeWP3iq7ec6hXbA1U>
I think this proposal is a nice shortcut to getting the benefits of websockets on HTTP/2 without redesigning much. It’s something we could probably add to OkHttp and MockWebServer in just a few days.

There’s a policy question on what clients should do when a websocket is the first request to a target host. We can build an HTTP/2 connection and then hope to layer websockets on top, or build a bare websockets connection directly and forgo HTTP/2 multiplexing. Browsers might choose to persist settings to inform this decision. Or it would be handy to hint this in the ALPN protocols, though that would require the TLS layer to be aware of this setting!

It’s worth explaining what should happen if a naughty client doesn’t attempt a websocket upgrade within the DATA frames of a stream established for that purpose. In particular, a naïve webserver might honor any HTTP/1 request here; that seems like a potential attack vector. Suppose I send this:

    GET /admin HTTP/1.1
    host: localhost

Can I trick a server into treating my request as originating from localhost? The HTTP/2 layer will have already routed the authority for this request but an attacker could contradict that!

Nice to see a websockets and HTTP/2 proposal. Thanks!

– Jesse
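
Added example, not part of the original message or the draft: one way a server could refuse the case raised above, by accepting the first bytes on the tunneled stream only if they are a WebSocket upgrade whose Host agrees with the `:authority` the HTTP/2 layer already routed. The function name, the sample byte strings and the `example.test` authority are assumptions made for illustration.

```python
from __future__ import annotations


def check_tunneled_request(stream_authority: str, data: bytes) -> tuple[bool, str]:
    """Accept only a WebSocket upgrade whose Host agrees with :authority."""
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete request head"
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return False, "non-ASCII request head"
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET" or parts[2] != "HTTP/1.1":
        return False, "bad request line"
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject missing colons and whitespace around the field name.
        if not colon or not name or name != name.strip():
            return False, "malformed header line"
        headers.setdefault(name.lower(), []).append(value.strip())
    hosts = headers.get("host", [])
    if len(hosts) != 1:
        return False, "expected exactly one Host header"
    # The inner Host must not contradict what HTTP/2 already routed on.
    if hosts[0].lower() != stream_authority.lower():
        return False, "Host contradicts :authority"
    if [v.lower() for v in headers.get("upgrade", [])] != ["websocket"]:
        return False, "not a websocket upgrade"
    conn = ",".join(headers.get("connection", [])).lower()
    if "upgrade" not in [t.strip() for t in conn.split(",")]:
        return False, "Connection lacks upgrade token"
    if headers.get("sec-websocket-version") != ["13"]:
        return False, "unsupported websocket version"
    if len(headers.get("sec-websocket-key", [])) != 1:
        return False, "missing Sec-WebSocket-Key"
    return True, "ok"


# Constructed sample inputs (not captured traffic).
SPOOF = b"GET /admin HTTP/1.1\r\nhost: localhost\r\n\r\n"
MISMATCH = (b"GET /chat HTTP/1.1\r\nHost: localhost\r\nUpgrade: websocket\r\n"
            b"Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n"
            b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n")
GOOD = MISMATCH.replace(b"Host: localhost", b"Host: example.test")
```
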