IETF Logo Mail Archive

Re: [hybi] #1: HTTP Compliance

Willy Tarreau <w@1wt.eu> Sun, 15 August 2010 10:50 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7EC2A3A687E for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 03:50:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.974
X-Spam-Level:
X-Spam-Status: No, score=-2.974 tagged_above=-999 required=5 tests=[AWL=-0.931, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C7Ui3BNF0GSb for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 03:50:20 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 7BC3C3A657C for <hybi@ietf.org>; Sun, 15 Aug 2010 03:50:20 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o7FAojjL027795; Sun, 15 Aug 2010 12:50:45 +0200
Date: Sun, 15 Aug 2010 12:50:45 +0200
From: Willy Tarreau <w@1wt.eu>
To: gustav trede <gustav.trede@gmail.com>
Message-ID: <20100815105045.GB27614@1wt.eu>
References: <f7d4bb98e444b85b9bf1af6d4d9f0772.squirrel@sm.webmail.pair.com> <20100815100717.GA27614@1wt.eu> <AANLkTimQeG32CbZG5DsGmthwH3CwqHtncs7tGCTtg0d+@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTimQeG32CbZG5DsGmthwH3CwqHtncs7tGCTtg0d+@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi@ietf.org
Subject: Re: [hybi] #1: HTTP Compliance
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2010 10:50:22 -0000

On Sun, Aug 15, 2010 at 12:24:38PM +0200, gustav trede wrote:
> On 15 August 2010 12:07, Willy Tarreau <w@1wt.eu> wrote:
> 
> > On Sun, Aug 15, 2010 at 05:10:09AM -0400, Shelby Moore wrote:
> > > An HTTP proxy that is compatible with draft/proposal #76 (the contentious
> > > one that passes 8 extra characters after the HTTP header without a
> > > Content-Length header), would need a specific code path for the WebSocket
> > > upgrade request in order to pass 8, and only 8, extra characters
> > > (concensus is that passing an arbitrary content length would be a
> > security
> > > hole).
> > >
> > > Isn't it the antithesis of the 80/20 rule and interoperability to require
> > > every HTTP proxy in the world to have specific code path for every
> > > possible future HTTP Upgrade protocol that comes along?
> >
> > it's even worse than that, it means that such a reverse-proxy, when shared
> > between HTTP and Websocket, will have to accept to blindly forward those 8
> > bytes everytime someones *pretends* to talk websocket, without the server's
> > consent.
> >
> > Since reverse-proxies are used everywhere (in IDS, HTTP-aware firewalls,
> > caches, load balancers, etc...), it is not even advisable to have per-host
> > or per-IP rules considering the large number of hosts that can be installed
> > behind any of them.
> >
> > So it is very important that if we go the HTTP way, we respect the
> > protocol's
> > semantics.
> >
> > In fact, the protocol can be made HTTP compliant by switching two lines in
> > the description of the server's behaviour : the server just has to send the
> > 101 *BEFORE* it reads the /key3/ parameter, and we're done.
> >
> >
> So how come that several technical unsound ideas that more or less originate
> from one person is ending up in the spec proposal in the first place ?.

You can't blame one single person for proposing something that does not
happen to work in some circumstances. If everything was that simple, the
proposal would already have become a spec. One of the goal of the single
person was to ensure that we'd get quick failures through incompatible
intermediaries. Achieving this means we may play on the border line of
the protocol. As long as no problem is identified, there's nothing wrong.
It's once the problem is identified that we must fix it and get back to
the compliant side of the protocol.

Regards,
Willy

v2.23.0 | Report a Bug | By Email