Re: [hybi] [Technical Errata Reported] RFC6455 (4398)

Mike West <mkwst@google.com> Wed, 24 June 2015 12:20 UTC

To: Barry Leiba <barryleiba@computer.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/hybi/YlF6piRBt0cHacou42YUMamhjuQ>
Cc: "hybi@ietf.org" <hybi@ietf.org>, "ifette+ietf@google.com" <ifette+ietf@google.com>, Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, RFC Errata System <rfc-editor@rfc-editor.org>

"Held for Document Update" is what I'm going for, yes. This isn't something
that was left out of the original document, but a change in the way mixed
content handling has been specified and implemented.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Jun 24, 2015 at 2:09 PM, Barry Leiba <barryleiba@computer.org>
wrote:

> This seems sensible, and seems like it ought to be "Held for Document
> Update", yes?  Unless this truly is something that was meant to be in
> the document originally, and was accidentally left out... which I
> don't think is the case.
>
> Barry
>
> On Wed, Jun 24, 2015 at 5:36 AM, RFC Errata System
> <rfc-editor@rfc-editor.org> wrote:
> > The following errata report has been submitted for RFC6455,
> > "The WebSocket Protocol".
> >
> > --------------------------------------
> > You may review the report below and at:
> > http://www.rfc-editor.org/errata_search.php?rfc=6455&eid=4398
> >
> > --------------------------------------
> > Type: Technical
> > Reported by: Mike West <mkwst@google.com>
> >
> > Section: 4.1
> >
> > Original Text
> > -------------
> > 1. The components of the WebSocket URI passed into this algorithm
> >    (/host/, /port/, /resource name/, and /secure/ flag) MUST be
> >    valid according to the specification of WebSocket URIs specified
> >    in Section 3.  If any of the components are invalid, the client
> >    MUST _Fail the WebSocket Connection_ and abort these steps.
> >
> > Corrected Text
> > --------------
> > 1. The components of the WebSocket URI passed into this algorithm
> >    (/host/, /port/, /resource name/, and /secure/ flag) MUST be
> >    valid according to the specification of WebSocket URIs specified
> >    in Section 3.  If any of the components are invalid, the client
> >    MUST _Fail the WebSocket Connection_ and abort these steps.
> >
> > 2. If secure is false, and the algorithm in Mixed Content's "§5.1
> >    Does settings object restrict mixed content?" returns Restricts
> >    Mixed Content when applied to client's entry script's relevant
> >    settings object's, then the client MUST fail the WebSocket
> >    connection and abort the connection.
> >
> > Notes
> > -----
> > This change is suggested by the W3C's "Mixed Content" document
> > (https://w3c.github.io/webappsec/specs/mixedcontent/#websockets-integration),
> > and will bring WebSockets' behaviors into line with XMLHttpRequest,
> > EventSource, and Fetch, all of which act as though there was a network
> > error when blocking a mixed content request, rather than throwing a
> > SecurityError exception.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party (IESG)
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC6455 (draft-ietf-hybi-thewebsocketprotocol-17)
> > --------------------------------------
> > Title               : The WebSocket Protocol
> > Publication Date    : December 2011
> > Author(s)           : I. Fette, A. Melnikov
> > Category            : PROPOSED STANDARD
> > Source              : BiDirectional or Server-Initiated HTTP APP
> > Area                : Applications
> > Stream              : IETF
> > Verifying Party     : IESG
> >
>
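
The corrected Section 4.1 steps quoted above, modelled as an added example that is not part of the original thread, of RFC 6455, or of any browser's code. The function names, the `{ origin, ancestorOrigins }` settings shape and the simplified "restricts mixed content" test (the context or any ancestor is https) are assumptions standing in for the W3C algorithm.

```javascript
// Added illustration; names and the settings-object shape are hypothetical.
// Assumption: "restricts mixed content" is approximated as "this context or
// any ancestor context was loaded over https:".
function restrictsMixedContent(settings) {
  const chain = [settings.origin, ...(settings.ancestorOrigins || [])];
  return chain.some((o) => new URL(o).protocol === "https:");
}

// RFC 6455 Section 3: ws:/wss: scheme, a host, no fragment identifier;
// default ports 80 (ws) and 443 (wss); resource name = path plus "?query".
function parseWebSocketUri(uri) {
  let u;
  try { u = new URL(uri); } catch { return null; }
  if (u.protocol !== "ws:" && u.protocol !== "wss:") return null;
  if (!u.hostname || uri.includes("#")) return null;
  const secure = u.protocol === "wss:";
  return {
    host: u.hostname,
    port: u.port ? Number(u.port) : secure ? 443 : 80,
    resourceName: (u.pathname || "/") + u.search,
    secure,
  };
}

// Steps 1 and 2 of the corrected text. Both outcomes are a failed connection
// (script would observe error + close), never a thrown SecurityError.
function establishConnection(uri, settings) {
  const parts = parseWebSocketUri(uri);
  if (parts === null) return { state: "failed", reason: "invalid-uri" };
  if (!parts.secure && restrictsMixedContent(settings)) {
    return { state: "failed", reason: "mixed-content" };
  }
  return { state: "proceed", ...parts };
}

// Constructed sample contexts (not from the thread).
const securePage = { origin: "https://app.example" };
const framedPage = {
  origin: "http://widget.example",
  ancestorOrigins: ["https://app.example"],
};
const plainPage = { origin: "http://app.example" };
```
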