Re: [hybi] #1: HTTP Compliance

[Bjoern Hoehrmann <derhoermi@gmx.net>]

* Maciej Stachowiak wrote:
>True. If someone comes up with a proposal to solve the same problem in a
>way that doesn't technically violate HTTP, that would be great, and we
>can consider it. What if there isn't? Do we give up and leave the
>protocol less effective than it could be for the sake of purity?
>
>I can see how the idea of HTTP compliance should be a preference, but I
>don't see how it can be a hard requirement, if it turns out that we can
>make the protocol work better only by violating.

I do not think the requirement here is useful as sending only proper
HTTP messages over what is assumed to be a HTTP connection is a matter
of course and not some self-imposed requirement; there is no need to
spell that out. If you want an option to violate the HTTP protocol if
deemed beneficial, you would have to argue for putting that option into
the document and not have others argue why underlying specifications
should be adhered to.

However, as we have a requirement to be able for HTTP and Websocket
implementations to share a port, the option would be in conflict with
that requirement (consider an intrusion detection system; it receives a
packet for port 80, analyzes it and finds it has a HTTP request followed
by rubbish where another request is expected; it then rejects the whole
thing). Note that Ian's draft actually argues that port sharing is en-
abled by following the HTTP protocol during the handshake.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/