IETF Logo Mail Archive

Re: [hybi] WebSockets

Ian Hickson <ian@hixie.ch> Mon, 30 March 2009 23:15 UTC

Return-Path: <ian@hixie.ch>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D87F93A6AC5 for <hybi@core3.amsl.com>; Mon, 30 Mar 2009 16:15:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.566
X-Spam-Level:
X-Spam-Status: No, score=-2.566 tagged_above=-999 required=5 tests=[AWL=0.033, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8do95R4aTTAM for <hybi@core3.amsl.com>; Mon, 30 Mar 2009 16:14:59 -0700 (PDT)
Received: from looneymail-a3.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by core3.amsl.com (Postfix) with ESMTP id E5CE13A67DB for <hybi@ietf.org>; Mon, 30 Mar 2009 16:14:59 -0700 (PDT)
Received: from hixie.dreamhostps.com (hixie.dreamhost.com [208.113.210.27]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by looneymail-a3.g.dreamhost.com (Postfix) with ESMTP id F3AC827B4D; Mon, 30 Mar 2009 16:15:57 -0700 (PDT)
Date: Mon, 30 Mar 2009 23:15:57 +0000
From: Ian Hickson <ian@hixie.ch>
To: "Edward Z. Yang" <ezyang@MIT.EDU>
In-Reply-To: <alpine.DEB.2.00.0903301844490.6227@javelin>
Message-ID: <Pine.LNX.4.62.0903302315020.25058@hixie.dreamhostps.com>
References: <Pine.LNX.4.62.0903302124580.25058@hixie.dreamhostps.com> <alpine.DEB.2.00.0903301844490.6227@javelin>
Content-Language: en-GB-hixie
Content-Style-Type: text/css
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: hybi@ietf.org
Subject: Re: [hybi] WebSockets
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2009 23:15:00 -0000

On Mon, 30 Mar 2009, Edward Z. Yang wrote:
> > 
> > - It must not be possible for the mechanism to be used to successfully
> >   connect to existing servers and send them arbitrary commands. In
> >   particular, SMTP, HTTP, HTTPS, IMAP, POP, and similar protocols must be
> >   safe from this.
> 
> I believe that modern browsers specifically block requests to ports that 
> are not normally used in web browsing on an ad hoc basis.  Given 
> WebSocket's handshake, I think this problem is equivalent to HTTP.

That's the intent, yes.


> > I would be interested in any suggestions people may have along these 
> > lines. Are there existing protocols that satisfy these requirements? 
> > Are there requirements I have missed?
> 
> Plugins such as Flash and Java already allow sockets to programmers on a 
> limited basis.  Looking forwards, these languages will need client 
> libraries that implement the WebSocket protocol.  JavaScript will also 
> need an API designed for it.

There is a JavaScript API designed for this protocol here:

   http://dev.w3.org/html5/websockets/

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

v2.23.0 | Report a Bug | By Email