Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocketprotocol-01.txt
John Tamplin <jat@google.com> Thu, 02 September 2010 17:45 UTC
Return-Path: <jat@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F29943A6ABA for <hybi@core3.amsl.com>; Thu, 2 Sep 2010 10:45:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.874
X-Spam-Level:
X-Spam-Status: No, score=-105.874 tagged_above=-999 required=5 tests=[AWL=0.103, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l1B5T05BJHQQ for <hybi@core3.amsl.com>; Thu, 2 Sep 2010 10:45:53 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id F27BC3A6B62 for <hybi@ietf.org>; Thu, 2 Sep 2010 10:19:23 -0700 (PDT)
Received: from hpaq7.eem.corp.google.com (hpaq7.eem.corp.google.com [172.25.149.7]) by smtp-out.google.com with ESMTP id o82HJlXM008916 for <hybi@ietf.org>; Thu, 2 Sep 2010 10:19:47 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1283447988; bh=WQwD+a3WDAyZixuorRIo7w9YQyA=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type:Content-Transfer-Encoding; b=UvQVPc+5j0EVDB0blY78qhFLl1e+/x2f8GNjn8p+UvFVy28VYCqyunMOWbZEojBHD ISOaeuXqmIX4ECFL1TwFA==
Received: from gwj21 (gwj21.prod.google.com [10.200.10.21]) by hpaq7.eem.corp.google.com with ESMTP id o82HJ6ED010883 for <hybi@ietf.org>; Thu, 2 Sep 2010 10:19:46 -0700
Received: by gwj21 with SMTP id 21so124360gwj.36 for <hybi@ietf.org>; Thu, 02 Sep 2010 10:19:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=stDb+aoU76f3DUF/zDPsQ6ltVliSR/cUDg6GvLuKi44=; b=m0eW5X9Amssthbo2UNJ5zXdRk6tsbMBPrrEyfCCVGI743yV+GRGLpEbuArySrL6/bV MrSjAj04HCXJAX4vOvmw==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=UhJorF0xctHfWcesO0LYrdGtVxSTInIZOlJLyAuhc/MVecZIQl4aXtDaXVPhYAfz2T McOjOexmuauuBnrASrAQ==
Received: by 10.150.216.16 with SMTP id o16mr14521ybg.156.1283447972259; Thu, 02 Sep 2010 10:19:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.151.103.4 with HTTP; Thu, 2 Sep 2010 10:19:12 -0700 (PDT)
In-Reply-To: <4C7F8EE7.1040106@opera.com>
References: <20100901224502.0519B3A687C@core3.amsl.com> <4C7F8EE7.1040106@opera.com>
From: John Tamplin <jat@google.com>
Date: Thu, 02 Sep 2010 13:19:12 -0400
Message-ID: <AANLkTimg1dgWFThSHXhpu4q1XFx_6kLQe1cMy1dq_dWa@mail.gmail.com>
To: James Graham <jgraham@opera.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: hybi@ietf.org
Subject: Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocketprotocol-01.txt
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Sep 2010 17:45:55 -0000
On Thu, Sep 2, 2010 at 7:47 AM, James Graham <jgraham@opera.com> wrote: > The framing sections seem to have a lot of SHOULDs. This is worrying as > SHOULD-level conditions can't really be tested (it is not an error to > violate them) and can be a source of interoperability problems. I would > prefer that we make all behaviour mandatory unless there is a good reason to > do otherwise. I think we can tighten those up as we get consensus. As an example, there were people that wanted keep-alives, and people that didn't. The language in Ping/Pong is intended to mean that those who want them can have them, while the ones who don't, don't. I agree it would be better to have fewer options left up to the implementation, but I think we need more debate to get there. > Some specific clauses seem problematic. For example: > > """A receiver MUST be prepared to accept arbitrarily fragmented > messages, even if the sender sent the message in a single frame.""" > > "be prepared to accept" seems like poor wording. I would just say "Clients > and servers MUST support recieving both fragmented and unfragmented > messages". The clause "even if the sender sent the message..." seems odd > because it is not clear how the recipient can know how the message is > originally sent. In any case it seems redundant. This whole clause could be > avoided with normative processing requirements that require support for > fragmented and unfragmented messages (see below). So, the case I was thinking of was someone writing the JS code for their app and their own stand-alone server. Without some statement to that effect, they might assume that if they send a single message the server will receive it in a single frame, but the browser or some intermediary might decide to fragment it anyway. I am open to different ways of wording it, but I think there needs to be some clarification that just because a message was sent in one fragment doesn't meant it will stay that way. > """Ping > > Upon receipt of a Ping message, an endpoint SHOULD send a Pong > response as soon as is practical. The Pong response MUST contain > the payload provided in the Ping message, though an implementation > MAY truncate the message at an implementation-defined size which > MUST be at least 8 _(TBD)_ bytes.""" > > It seems simpler and less error prone to require truncation always in case > servers come to depend on the behaviour of specific implementations here. So what should that size be? Also, the simplest case is you already have the ping frame in memory, and you just immediately send it back out -- it would actually be more work to truncate it first. > """ Ping frames MAY be sent as a keep-alive mechanism, but if so the > interval SHOULD be configurable.""" > > I have no idea what this SHOULD is trying to require. Is it supposed to be a > requirement on browser UI? On server implementations? Something else? In any > case, we can't really require that things are configurable. See above. If we can get agreement on what a keep-alive mechanism should look like (which I think would be good so that they could be aggregated on muxed connections or rate-limited on mobile networks, for example), then I think it would be great to specify exactly what that happens. The attempt here was to capture that part of the framing which we appear to have agreed on, and use that as a base for finishing the rest of it. > """Close: > > Upon receipt of a close frame, an endpoint SHOULD send a Close > frame to the remote recipient, if it has not already done so, > deliver a close event to the application if necessary, and then > close the WebSocket.""" > > It is not clear what the scope of the SHOULD here is. Since this is nested > inside a MUST clause I guess "and then close the connection" is supposed to > be a requirement. I'm not sure why sending the close frame is "SHOULD". I > don't think it is necessary to talk about "deliver[ing] a close event to the > application" since the interaction between the application and the protocol > is for the application to determine. For the specific case of the JS API we > just need to ensure we use the right terminology so that the description in > the API document is correct (i.e. this needs to match section 7.3 of the > protocol draft and section 5 of the API draft). I don't know if it is reasonable to require the close frame in all cases -- some implementations may not make it easy to close inbound while keeping outbound traffic alive to send the close frame, or the architecture makes it awkward. The original closer has to be prepared to not get a response anyway, in case the connection goes down. Regarding the application layer, it seems like you would want to define the interaction between the WebSocket layer and the application layer, but I agree perhaps the discussion of framing isn't the right place for it. > For example it is unclear what happens if the first frame a client receives has > opcode=0 (aside: it seems like we can design around this particular problem by > e.g. ditching opcode=0 and just ignoring opcode after the first frame in a > fragment). That seems ripe for interoperability problems -- some implementations may wind up just using the opcode of the last frame if they are all sent the same, and an attacker could take advantage of differing implementations to sneak some data past a filtering intermediary by having a different opcode on an intermediate frame. It seems better to avoid those problems by mandating a Continuation opcode, and it also gets you useful error checking (similar to when two bits were used for fragmentation support). > It is also not defined what should happen if any of the reserved > bits are set or if the opcode is in the reserved range. All of these things > are essential for interoperable implementations. Ok. I would suggest mandating that any framing error, such as a non-Continuation opcode on a non-intitial frame, using reserved bits if no extension was negotiated which defined them, etc, the connection should simply be dropped. Maybe we want to have a Control frame for "Framing error", which might be part of the Close frame, or maybe just drop it. -- John A. Tamplin Software Engineer (GWT), Google
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Adam Barth
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- [hybi] I-D Action:draft-ietf-hybi-thewebsocketpro… Internet-Drafts
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Adam Barth
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Joe Hildebrand
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Adam Barth
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Roy T. Fielding
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Gabriel Montenegro
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Takeshi Yoshino
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Joe Hildebrand
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Hector Santos
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Hector Santos
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Alexey Melnikov
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… James Graham
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Julian Reschke
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Olli Pettay
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Gabriel Montenegro
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Olli Pettay
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Julian Reschke
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Scott Ferguson
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] Versioning is a anti-pattern Daniel Stenberg
- Re: [hybi] Versioning is a anti-pattern Tim Bray
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Dave Cridland
- Re: [hybi] Versioning is a anti-pattern Hector Santos
- [hybi] List of (mostly) editorial changes for dra… Patrick McManus
- Re: [hybi] List of (mostly) editorial changes for… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Dave Cridland
- Re: [hybi] List of (mostly) editorial changes for… Patrick McManus
- [hybi] Web Socket IP Authentication Hector Santos
- Re: [hybi] Versioning is a anti-pattern David Orchard
- Re: [hybi] Versioning is a anti-pattern Greg Wilkins
- Re: [hybi] Versioning is a anti-pattern James Graham
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Julian Reschke
- Re: [hybi] Web Socket IP Authentication Dave Cridland
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] Web Socket IP Authentication Hector Santos
- Re: [hybi] Versioning is a anti-pattern Patrick McManus
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] Versioning is a anti-pattern Scott Ferguson
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Scott Ferguson
- Re: [hybi] Versioning is a anti-pattern John Tamplin
- Re: [hybi] Versioning is a anti-pattern Adam Barth
- Re: [hybi] Versioning is a anti-pattern Martin J. Dürst
- Re: [hybi] Versioning is a anti-pattern David Orchard
- Re: [hybi] Versioning is a anti-pattern Willy Tarreau
- Re: [hybi] Versioning is a anti-pattern Julian Reschke
- Re: [hybi] Versioning is a anti-pattern Adam Barth
- Re: [hybi] Versioning is a anti-pattern Greg Wilkins
- Re: [hybi] List of (mostly) editorial changes for… Greg Wilkins
- Re: [hybi] List of (mostly) editorial changes for… Patrick McManus
- Re: [hybi] List of (mostly) editorial changes for… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Brian McKelvey
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Brian
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Anne van Kesteren
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… John Tamplin
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… S Moonesamy
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Greg Wilkins
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Willy Tarreau
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Anne van Kesteren
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Ian Fette (イアンフェッティ)
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… S Moonesamy
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… Simon Pieters
- Re: [hybi] I-D Action:draft-ietf-hybi-thewebsocke… S Moonesamy
- Re: [hybi] Versioning is a anti-pattern Julian Reschke