IETF Logo Mail Archive

Re: [hybi] [whatwg] WebSockets: UDP

Erik Möller <emoller@opera.com> Fri, 11 June 2010 10:18 UTC

Return-Path: <emoller@opera.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A713E28C15A for <hybi@core3.amsl.com>; Fri, 11 Jun 2010 03:18:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.069
X-Spam-Level:
X-Spam-Status: No, score=-4.069 tagged_above=-999 required=5 tests=[AWL=0.371, BAYES_20=-0.74, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IKmpd1FCvG8N for <hybi@core3.amsl.com>; Fri, 11 Jun 2010 03:18:14 -0700 (PDT)
Received: from smtp.opera.com (smtp.opera.com [213.236.208.81]) by core3.amsl.com (Postfix) with ESMTP id D14B928C15F for <hybi@ietf.org>; Fri, 11 Jun 2010 03:18:13 -0700 (PDT)
Received: from emoller-pc.gothenburg.osa (046-tdc.opera.com [213.236.208.46] (may be forged)) (authenticated bits=0) by smtp.opera.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o5BAIAbx006207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 11 Jun 2010 10:18:11 GMT
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Mark Frohnmayer <mark.frohnmayer@gmail.com>
References: <op.vdl9bszhr4mipi@emoller-pc.gothenburg.osa> <AANLkTin8TYLeOdZmKbs6IqklsS5P24Qd4kqtTV_UXp-l@mail.gmail.com> <op.vdmg3ov6r4mipi@emoller-pc.gothenburg.osa> <AANLkTim2j9xbgW4fnKYy69uZ9KwBaDvs1ypu92pG1Hxo@mail.gmail.com> <op.vdm0lrqmr4mipi@emoller-pc.gothenburg.osa> <AANLkTimPvtS9hE-frSVQq8dWBEG9-fvCfnTsOVCbVXQt@mail.gmail.com> <op.vdpn931pr4mipi@emoller-pc.gothenburg.osa> <op.vd3ndpzqr4mipi@emoller-pc.gothenburg.osa> <AANLkTilrDDGU10AZQ3KZ2lkuwmEt-RKRJUIls38ajtb6@mail.gmail.com>
Date: Fri, 11 Jun 2010 12:18:24 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
From: Erik Möller <emoller@opera.com>
Organization: Opera Software
Message-ID: <op.vd4r8yvlr4mipi@emoller-pc.gothenburg.osa>
In-Reply-To: <AANLkTilrDDGU10AZQ3KZ2lkuwmEt-RKRJUIls38ajtb6@mail.gmail.com>
User-Agent: Opera Mail/10.53 (Win32)
Cc: "whatwg@whatwg.org" <whatwg@whatwg.org>, Hybi <hybi@ietf.org>, Philip Taylor <excors+whatwg@gmail.com>
Subject: Re: [hybi] [whatwg] WebSockets: UDP
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jun 2010 10:18:15 -0000

On Fri, 11 Jun 2010 00:21:38 +0200, Mark Frohnmayer  
<mark.frohnmayer@gmail.com> wrote:

> TorqueSocket is not in the same category as RakNet or OpenTNL

Ah, sorry I got the names mixed up, I meant to say RakNet/OpenTNL and not  
RakNet/TorqueSocket.

> I'd recommend doing some real-world testing for max packet size.  Back
> when the original QuakeWorld came out it started by sending a large
> connect packet (could be ~8K) and a good number of routers would just
> drop those packets unconditionally.  The solution (iirc) was to keep
> all packet sends below the Ethernet max of 1500 bytes.  I haven't
> verified this lately to see if that's still the case, but it seems
> real-world functionality should be considered.

Absolutely, that's why the path-MTU attribute was suggested. The ~64k  
limit is an absolute limit though at which sends can be rejected  
immediately without even trying.

> If WebSocket supports an encrypted and unencrypted mode, why would the
> real-time version not support data security and integrity?

The reasoning was that if you do need data security and integrity the  
secure websocket over TCP uses the same state-of-the-art implementation as  
the browsers already have implemented. Secure connections over UDP would  
either require a full TCP over UDP implementation (to use TLS) or a second  
implementation that would need to be maintained. That implementation would  
be either a very complex piece or software or clearly inferior to that  
users are accustomed to.
So what's a good use-case where you want a secure connection over UDP and  
cannot use a second TLS connection?

> Client puzzles allow the host to allocate zero resources for a pending
> connection until it knows that the source address of the client
> request is valid and that the client has done some work; you could
> still take a similar (though not client computationally expensive)
> approach by having the host hash the client identity (IP/port) with a
> server-generated secret.  Any approach that allocates memory or does
> work on the host without verifying the client source address first is
> vulnerable to a super-trivial DOS attack (connection depletion before
> even any bandwidth overwhelm).

Right, this is probably an area that needs to be looked more carefully at  
if/when real work is started on a spec.

> I'd propose that doing this in the javascript level would result in
> unnecessary extra overhead (sequence numbering, acknowledgements) that
> could easily be a part of the underlying protocol.  Having implemented
> multiple iterations of a high-level networking API, the notification
> function is a critical, low-overhead tool for making effective
> higher-level data guarantees possible.

Yes, no doubt it's useful for those implementing higher level APIs. As  
usual it's a matter of at what level to place the API.

-- 
Erik Möller
Core Developer
Opera Software

v2.23.0 | Report a Bug | By Email