Re: [hybi] Client offers invalid WS protocols, what must the server do? 101???

John Tamplin <jat@google.com> Wed, 31 August 2011 20:17 UTC

Return-Path: <jat@google.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 271D221F8CE7 for <hybi@ietfa.amsl.com>; Wed, 31 Aug 2011 13:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.774
X-Spam-Level:
X-Spam-Status: No, score=-105.774 tagged_above=-999 required=5 tests=[AWL=-0.098, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mjdMwK7acv6e for <hybi@ietfa.amsl.com>; Wed, 31 Aug 2011 13:17:36 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfa.amsl.com (Postfix) with ESMTP id 3B0EE21F8CC3 for <hybi@ietf.org>; Wed, 31 Aug 2011 13:17:36 -0700 (PDT)
Received: from hpaq7.eem.corp.google.com (hpaq7.eem.corp.google.com [172.25.149.7]) by smtp-out.google.com with ESMTP id p7VKJ6vj022262 for <hybi@ietf.org>; Wed, 31 Aug 2011 13:19:06 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1314821946; bh=WhbwjwKLzeeEiEKm9w3dRbhyETE=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=NAdKHMFoVcoHoGCKY0r2pkOH0VACn65LmXJEh+xFkLDkeFyal/Qj0z3mzAeS/z7o8 GEGxn3RSFtb1wFwT3nDRA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:from:date: message-id:subject:to:cc:content-type:x-system-of-record; b=GTaeeG8bYR/s3D5u7sKJCJxe/4MALPLVQmAIb92NUiuKKPvKbCSw9p2gb76W/K3ok O+i7UD5/IWSib2j7Nj92A==
Received: from qwj9 (qwj9.prod.google.com [10.241.195.73]) by hpaq7.eem.corp.google.com with ESMTP id p7VKFu3E001316 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <hybi@ietf.org>; Wed, 31 Aug 2011 13:19:05 -0700
Received: by qwj9 with SMTP id 9so779933qwj.7 for <hybi@ietf.org>; Wed, 31 Aug 2011 13:19:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=aHjIkuGO9oDLdMfHTHcP7lyYPihMegug4/B7RSOXZOo=; b=nHDu4CiJE2S/nBMNeq0KtDLNjSiDaTBlT1UTzjycJBPpjtVohFxEGeZqgFrVf4iIx8 T51zAYCCi/1kVj8+sehw==
Received: by 10.229.72.162 with SMTP id m34mr672025qcj.189.1314821945264; Wed, 31 Aug 2011 13:19:05 -0700 (PDT)
Received: by 10.229.72.162 with SMTP id m34mr672019qcj.189.1314821945063; Wed, 31 Aug 2011 13:19:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.138.137 with HTTP; Wed, 31 Aug 2011 13:18:45 -0700 (PDT)
In-Reply-To: <CALiegfkYc=S2-Ljc3Tvy+28EjiHSHv5GrDk4aAQi8q=aQjRV1Q@mail.gmail.com>
References: <CALiegfkC9dLOnLfSQApE9OjoSV1RXT7cTumZ6+yCR1tWo_cvmw@mail.gmail.com> <4E5CBEA0.2080605@isode.com> <CALiegfn3dPyZMR3ZZ3CtwOeAmC4sxd0=kos4Z82B2qeh_aZASQ@mail.gmail.com> <4E5CC6A7.7030304@isode.com> <CALiegfnc-YRPZZvgJjmvtafKnkJB7rXJ9KcPDKL-ceeAdwGEGQ@mail.gmail.com> <4E5CC8B8.7090702@isode.com> <CALiegfmSs-FhS5AuJHWFhGdbxS4pLSHA1Kk2y_P5GwwG_YneyQ@mail.gmail.com> <CABLsOLCBSnW+R9vr=RbRosTo55tv-_gG9yLdoj5AqW4rU6rcPQ@mail.gmail.com> <4E5D04F8.30801@isode.com> <4E5E5EDA.6000606@gmail.com> <4E5E79C4.2080100@callenish.com> <CAMaigVkreB5P2ieXJxZbQ3yPZs0kwmJmqvA0t0jHMBA40BjF-Q@mail.gmail.com> <CALiegfmi3et2==qziAg1toWHjkiBAUrLfQDPmEKuU+Jx_D6ZTQ@mail.gmail.com> <CABLsOLC0m-NpG6L-95rju3vLinMa3d8b3pncoM53fkoN+xs3Fg@mail.gmail.com> <CALiegfkYc=S2-Ljc3Tvy+28EjiHSHv5GrDk4aAQi8q=aQjRV1Q@mail.gmail.com>
From: John Tamplin <jat@google.com>
Date: Wed, 31 Aug 2011 16:18:45 -0400
Message-ID: <CABLsOLAiFmU+GordWVRduvwk7zM0_+O4MLPuCjeQDjyd_CVO5w@mail.gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Content-Type: multipart/alternative; boundary="0016e6506b60fa79c504abd2d67b"
X-System-Of-Record: true
Cc: hybi@ietf.org
Subject: Re: [hybi] Client offers invalid WS protocols, what must the server do? 101???
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 20:17:37 -0000

On Wed, Aug 31, 2011 at 4:05 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> What? and what about HTTP API's? don't you expect that there will also
> exist WS API's so I can develope, for example, a Linux KDE desktop
> application/widget that connects to Gmail via WebSocket (Google WS
> API) to check my mail in realtime??? You work in Google, you should
> know it, am I wrong?
>

Since you brought it up, lets take such an example.  You can connect using
the GData APIs to get your calendar information, etc. over HTTP today.  You
can do that despite the fact that HTTP doesn't support a subprotocol
defining what that API looks like.  It works because you read the docs and
wrote code to speak the "subprotocol" over that connection, despite the fact
that it wasn't announced.

Likewise, you could do exactly the same in WS whether or not a hypothetical
GData service over WebSocket used a subprotocol.


> A protocol MUST NOT be designed taking that wrong assumption into
> account. This is a protocol, not a JavaScript "feature" to make the
> text blinking or ringing in Chrome.
>

The protocol is defined, and a subprotocol cannot change the framing or
representation of messages in the base protocol.  To me, that limits the
value of subprotocol as out-of-band identification of what the next layer up
plans to do with that channel, similar to a MIME type for HTTP.  I don't see
where your suggestion this is a Javascript feature enters into it.


> Of course, what you propose is just valid for allowing a stupid JS
> developer coding a JS application that connects to the WS server by
> providing "Sec-WebSocket-Protocol:
> i-dont-know-programming.but-i-am-cool.com".


Your attitude is not conducive to constructive conversation.

-- 
John A. Tamplin
Software Engineer (GWT), Google