Re: [hybi] <draft-ietf-hybi-thewebsocketprotocol-10> Sec-WebSocket-Key needed?

Philipp Serafin <phil127@gmail.com> Wed, 20 July 2011 12:25 UTC

Return-Path: <phil127@gmail.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B05B21F873A for <hybi@ietfa.amsl.com>; Wed, 20 Jul 2011 05:25:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m6fXTmvxakBu for <hybi@ietfa.amsl.com>; Wed, 20 Jul 2011 05:25:00 -0700 (PDT)
Received: from mail-ew0-f44.google.com (mail-ew0-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id 7C88A21F86FA for <hybi@ietf.org>; Wed, 20 Jul 2011 05:25:00 -0700 (PDT)
Received: by ewy19 with SMTP id 19so555358ewy.31 for <hybi@ietf.org>; Wed, 20 Jul 2011 05:24:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=7KhpOVD6h3fyDCOQ1R+LPh4Nj+v7uzgPN+UtAyDpL5Q=; b=Fs8AHBYlrYuWuZ5zsPzqSVI6LmqQxCmNBhOS4Jvbv5JYV6Xxgz3oer+j3mrXJIbYPJ g2gTPaRe72LLt5iamORfe1RB7Y+P5bGSvn8mhNr+Gf+DXt0YuNRr1ko4qlj8pTCX5Uxq lwWYGwVVLqKAWnZE8Y10/JHPdO1hrEylH/58E=
Received: by 10.213.9.203 with SMTP id m11mr144837ebm.63.1311164684297; Wed, 20 Jul 2011 05:24:44 -0700 (PDT)
Received: from [212.201.75.145] (pptp-212-201-75-145.pptp.stw-bonn.de [212.201.75.145]) by mx.google.com with ESMTPS id d44sm516850eeb.22.2011.07.20.05.24.43 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 20 Jul 2011 05:24:43 -0700 (PDT)
Message-ID: <4E26C904.30701@gmail.com>
Date: Wed, 20 Jul 2011 14:24:36 +0200
From: Philipp Serafin <phil127@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: Alexander Yastrebov <menone7@gmail.com>
References: <CAJnFuGPq=QmV52DdBRQRNDps5JddLvTVKzfQHqcEVzT7GQkEjA@mail.gmail.com>
In-Reply-To: <CAJnFuGPq=QmV52DdBRQRNDps5JddLvTVKzfQHqcEVzT7GQkEjA@mail.gmail.com>
X-Enigmail-Version: 1.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: hybi@ietf.org
Subject: Re: [hybi] <draft-ietf-hybi-thewebsocketprotocol-10> Sec-WebSocket-Key needed?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2011 12:25:01 -0000

A protocol like this would likely be rejected by proxies, too. It's a
design goal for WS that it should be able to pass most existing HTTP
proxies.

Am 20.07.2011 13:57, schrieb Alexander Yastrebov:
>>   The WebSocket protocol is an independent TCP-based protocol.  Its
>>   only relationship to HTTP is that its handshake is interpreted by
>>   HTTP servers as an Upgrade request.
> If it independent protocol, then say me why it send messages
> with "HTTP/1.1"? If change this part (example "WSOCK/0.11") then
> security issues with XmlHttpRequest disappear. Do not supporting
> WebSocket servers MUST answer "400 Bad Request". But separate one
> from another is very simple. And the need for such a complicated
> handshake disappears. No?
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi