Re: [hybi] WebSocket handshake (HTTP and SSO)

Joe Hildebrand <joe.hildebrand@webex.com> Wed, 01 September 2010 23:41 UTC

To: Greg Wilkins <gregw@webtide.com>, ifette <ifette@google.com>
Cc: hybi <hybi@ietf.org>, Brodie Thiesfield <brodie@jellycan.com>

On 9/1/10 5:30 PM, "Greg Wilkins" <gregw@webtide.com> wrote:

> Sec-WebSocket-Key1: the ietf process failed 12345678

It's too early to declare that, I hope.

Let's start by understanding the requirement.  Gabriel, it looks like we
don't have anything that addresses the rationale behind this handshaking
approach in the requirements draft -- do you concur?

Assuming that my quick skim of draft-ietf-hybi-websocket-requirements-01
didn't miss anything, can someone propose language for the requirements
draft that adequately captures what we're trying to protect against?

-- 
Joe Hildebrand