Re: [hybi] Do we have a sense of when browsers will be supporting draft-ietf-hybi-thewebsocketprotocol-03 ?

Greg Wilkins <gregw@webtide.com> Fri, 03 December 2010 08:39 UTC

To: Maciej Stachowiak <mjs@apple.com>
Cc: "hybi@ietf.org" <hybi@ietf.org>

On 3 December 2010 09:18, Maciej Stachowiak <mjs@apple.com> wrote:
>
> On Dec 2, 2010, at 11:07 PM, Greg Wilkins wrote:
>
>>
>> The use of CONNECT instead of GET+Upgrade needs to be proposed as a
>> change in its own right and not mixed up with several other issues.  If
>> a CONNECT proposal can overcome the objections to it, then great!
>> But it is not the only option we have.
>
> You supported a CONNECT proposal yesterday:
>
> http://www.ietf.org/mail-archive/web/hybi/current/msg04860.html
> http://www.ietf.org/mail-archive/web/hybi/current/msg04861.html
>
> Do those messages reflect your current position?


Maciej,

I'm not opposed to a CONNECT solution and I'd like to see a clear
proposal made that separates out CONNECT from the other issues (bogus
hosts etc).  I'd like to see if such a proposal can be made acceptable
to the objections raised by Roy and others.  The proposals made
yesterday do look like a good way to progress.

But I don't think that CONNECT is universally accepted and I think the
case still has to be made to convince others.  I'm not totally
convinced myself, but think it is worth considering and asking for
concrete proposals without bogus header and encoding distractions is a
good step towards evaluating those concerns.

Most importantly, I do *not* think that CONNECT is our only available
solution.  My recent posts have been to simply correct some
overstatements about the vulnerability (or otherwise) of GET+Upgrade.
I still think that GET+Upgrade together with robust framing is a
viable solution - but I recognise that some have concerns with a
defence based only on framing.  Thus I'm happy to try to form a
consensus around CONNECT, but at the same time I'm talking about
misconceptions of the framing defence because that applies regardless
of handshake and may be important if we can't overcome objections to
CONNECT.

Personally, my current favourite option now is for a dedicated WS port
and the use of CONNECT to access it via port 80 if it cannot be
reached directly.  But it looks like CONNECT has some serious
objections to its use and if they cannot be overcome, then I'm not
opposed to using GET+Upgrade.  I.e. I don't really care which
handshake we use so long as we can agree on one or the other.  I care
about HTTP compatibility, valid routing data and robust extensible
framing and I think these concerns.

cheers