Re: [hybi] [whatwg] HttpOnly cookie for WebSocket?

Salvatore Loreto <> Thu, 28 January 2010 11:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0ED513A68C5 for <>; Thu, 28 Jan 2010 03:03:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.174
X-Spam-Status: No, score=-6.174 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pswAVGSFtPnx for <>; Thu, 28 Jan 2010 03:03:36 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 907113A68F5 for <>; Thu, 28 Jan 2010 03:03:36 -0800 (PST)
X-AuditID: c1b4fb24-b7c64ae000005cb7-aa-4b616f1858ec
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id C1.A4.23735.81F616B4; Thu, 28 Jan 2010 12:03:52 +0100 (CET)
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.3959); Thu, 28 Jan 2010 12:03:52 +0100
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.3959); Thu, 28 Jan 2010 12:03:51 +0100
Received: from ( []) by (Postfix) with ESMTP id 1B3382468; Thu, 28 Jan 2010 13:03:52 +0200 (EET)
Received: from (localhost []) by (Postfix) with ESMTP id D911C21A39; Thu, 28 Jan 2010 13:03:51 +0200 (EET)
Received: from [IPv6:::1] (localhost []) by (Postfix) with ESMTP id 86DA2219D0; Thu, 28 Jan 2010 13:03:51 +0200 (EET)
Message-ID: <>
Date: Thu, 28 Jan 2010 13:03:51 +0200
From: Salvatore Loreto <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100120 Fedora/3.0.1-1.fc12 Thunderbird/3.0.1
MIME-Version: 1.0
To: Ian Hickson <>
References: <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
X-OriginalArrivalTime: 28 Jan 2010 11:03:51.0989 (UTC) FILETIME=[934C6E50:01CAA009]
X-Brightmail-Tracker: AAAAAA==
Cc: "" <>, Hybi <>
Subject: Re: [hybi] [whatwg] HttpOnly cookie for WebSocket?
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Jan 2010 11:03:38 -0000

Hi Ian,

first I think it would be better have and maintain both whatwg and hybi 
mailing list in any conversation
related to WebSocket

at the BoF in Hiroshima there was a clear consensus from all the 
(both the one physically present  and the one remotely attending via 
streaming and chat)
to move the WebSocket standardization work within IETF community.
To be clear, the IETF community is not a closed community, all the 
people involved in the
discussion (especially in the mail discussion) are the one forming the 
IETF community.

the fact that there are already implementation of WebSocket (based on 
the current draft)
already or ready to be shipped in browsers and servers is a good news,
that highlight even more the need to have a clear standard document;
so just to say one of the HyBi wg intention is to gather all the 
experiences from people that have
implemented WebSocket so to eventually improve (if and only if 
necessary) the current draft.

having said that, the work on HTTPState is also done within IETF community,
so discuss about the possible usage of HTTPState in WebWocket in the 
same community can
give the possibility to people involved in HTTPState to express their 
opinion and provide their comments


On 01/28/2010 11:07 AM, Ian Hickson wrote:
> On Thu, 28 Jan 2010, Salvatore Loreto wrote:
>> a new IETF wg has been formed to take care of WebSocket protocol
>> HyBi:
>> So, this issue is something it should be discussed there
>> (btw I am forwdard it to the HyBi ml)
>> N.B. to subscribe to the HyBi ml:
> The WHATWG is still actively working on the WebSocket protocol, as we are
> with all of the specifications listed in the FAQ:
> ...and feedback on the WebSocket protocol is therefore very welcome on
> this mailing list. (Indeed, I continue to track all e-mails sent to this
> list and will reply to all substantial feedback sent to it.)
> As a side note, it's unclear exactly what the HyBi group is actually going
> to be working on. The timetable listed on the charter linked above is
> clearly at odds with reality; WebSocket is already shipping in Chrome and
> is ready to be shipped in two other browsers, and multiple servers are
> already available, so clearly March 2011 for a last call isn't really
> workable (especially since the spec reached last call at the WHATWG in
> 2009 -- the main thing missing now is test cases). However, I encourage
> anyone interested in Web Sockets to participate in the HyBi group, and
> indeed discussion of their timetable is probably best had there.