Re: [hybi] #4: handshake does not work properly with HTTP reverse proxy.
Jamie Lokier <jamie@shareable.org> Wed, 21 July 2010 22:30 UTC
Return-Path: <jamie@shareable.org>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 42EB43A6899 for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 15:30:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.367
X-Spam-Level:
X-Spam-Status: No, score=-2.367 tagged_above=-999 required=5 tests=[AWL=0.232, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VxVfiMM9OAmd for <hybi@core3.amsl.com>; Wed, 21 Jul 2010 15:29:56 -0700 (PDT)
Received: from mail2.shareable.org (mail2.shareable.org [80.68.89.115]) by core3.amsl.com (Postfix) with ESMTP id 0AF1A3A684F for <hybi@ietf.org>; Wed, 21 Jul 2010 15:29:55 -0700 (PDT)
Received: from jamie by mail2.shareable.org with local (Exim 4.63) (envelope-from <jamie@shareable.org>) id 1Obhnm-0000YT-Iz; Wed, 21 Jul 2010 23:30:10 +0100
Date: Wed, 21 Jul 2010 23:30:10 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Greg Wilkins <gregw@webtide.com>
Message-ID: <20100721223010.GB14589@shareable.org>
References: <068.da8db0c773647cb0ed73d576f39e93ee@tools.ietf.org> <20100717023749.GA2426@shareable.org> <AANLkTil36SNqlpqq2zNMVSgsA_27kqnuioi0qFTKQR1m@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTil36SNqlpqq2zNMVSgsA_27kqnuioi0qFTKQR1m@mail.gmail.com>
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc: hybi@ietf.org, hybi issue tracker <trac@tools.ietf.org>
Subject: Re: [hybi] #4: handshake does not work properly with HTTP reverse proxy.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 22:30:23 -0000
Greg Wilkins wrote: > On 17 July 2010 12:37, Jamie Lokier <jamie@shareable.org> wrote: > > hybi issue tracker wrote: > > From discussions on the hybi list several months ago, several times, I > > got the impression that failure to work through any kind of HTTP proxy > > was *intentional* in the handshake design. > > > > I don't personally agree with that as a design goal, but if it is the > > design goal than this issue #4 isn't a bug. > > >From those same discussion, I concluded that the intent of this > "feature" was to fast fail in the presence of any kind of HTTP proxy. > Given that this "feature" is now resulting in a hang if there is such > a proxy, then I think it is still a bug whatever way you look at it. I agree with something implied here: fast failing is more desirable than slow failing, where it's realistically feasible to trigger fast failing without causing problems. It can't be guaranteed, and there's no point overcomplicating it, but it's useful to try. > More importantly, the best way to test if a connection will support > websocket packets, is to just send websocket packets. Sending 8/16 > random bytes immediately after the HTTP handshake may succeed for a > huge variety of implementation reasons that still do not mean that > websocket packets will succeed. More importantly, to detect the > non-success of sending of the 8/16 random bytes will still involve the > same timeout handling that would be required to check the transmission > of websocket packets. The argument against just sending WebSocket packets is that some WebSocket packets may be valid HTTP and therefore more likely to be misinterpreted or be used as another attack vector, or simply fail to fail fast. That's not possible with the current WebSocket frame types, but it could happen with frame types from the currently reserved range. That's also an argument against making the bytes uniformly random; instead they should also be constrained to avoid looking like HTTP. -- Jamie
- [hybi] #4: handshake does not work properly with … hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Mike Belshe
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] WebSocket -76 is incompatible with HTT… Ian Hickson
- Re: [hybi] WebSocket -76 is incompatible with HTT… Willy Tarreau
- Re: [hybi] WebSocket -76 is incompatible with HTT… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Jamie Lokier
- Re: [hybi] #4: handshake does not work properly w… Shelby Moore
- Re: [hybi] #4: handshake does not work properly w… Shelby Moore
- Re: [hybi] #4: handshake does not work properly w… Greg Wilkins
- Re: [hybi] #4: handshake does not work properly w… Shelby Moore
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] #4: handshake does not work properly w… John Tamplin
- Re: [hybi] #4: handshake does not work properly w… Willy Tarreau
- Re: [hybi] thewebsocketprotocol #4 (new): handsha… hybi issue tracker
- Re: [hybi] #4: handshake does not work properly w… hybi issue tracker