[hybi] <draft-ietf-hybi-thewebsocketprotocol-10> Sec-WebSocket-Key needed?

Alexander Yastrebov <menone7@gmail.com> Wed, 20 July 2011 11:57 UTC

>   The WebSocket protocol is an independent TCP-based protocol.  Its
>   only relationship to HTTP is that its handshake is interpreted by
>   HTTP servers as an Upgrade request.

If it is an independent protocol, then tell me why it sends messages
with "HTTP/1.1"? If this part is changed (for example "WSOCK/0.11") then
the security issues with XmlHttpRequest disappear. Servers not supporting
WebSocket MUST answer "400 Bad Request". But separating one
from the other is very simple. And the need for such a complicated
handshake disappears. No?
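
For reference, the Sec-WebSocket-Key / Sec-WebSocket-Accept exchange that the subject line asks about, as an added example that is not part of the original message or of the draft's text. It follows the handshake as published in RFC 6455 (the GUID constant is from that specification); the helper names are hypothetical.

```python
import base64
import hashlib
import os

# GUID the server appends to the client's key (constant from RFC 6455).
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def new_key() -> str:
    """Client side: 16 random bytes, base64-encoded, sent as Sec-WebSocket-Key."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def accept_for(key: str) -> str:
    """Server side: the value to return in Sec-WebSocket-Accept for this key."""
    digest = hashlib.sha1((key.strip() + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_response(raw: bytes):
    """Split a raw HTTP response head into (status code, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def client_accepts(key: str, raw_response: bytes) -> bool:
    """Client check: continue only if the peer proved it processed this key."""
    try:
        status, headers = parse_response(raw_response)
    except (IndexError, ValueError):
        return False  # not a parseable HTTP response head
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    return (
        status == 101
        and headers.get("upgrade", "").lower() == "websocket"
        and "upgrade" in tokens
        and headers.get("sec-websocket-accept") == accept_for(key)
    )
```

A peer that returns 101 without the matching Sec-WebSocket-Accept value, or any other status, fails `client_accepts`, so the client does not start sending frames to it.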