Re: [hybi] I-D ACTION:draft-ietf-hybi-thewebsocketprotocol-08.txt
Greg Wilkins <gregw@intalio.com> Wed, 08 June 2011 23:03 UTC
Wow - that was a more extensive rewrite than I was expecting - but most of the text looks to be good improvements - good work!

However 4.2 says

   The payload data is defined as extension data concatenated with application data.

and this is reflected elsewhere in the document. Concatenation is not the correct paradigm as this prohibits a compression or encrypting extension which changes the entire payload. I think we should simply say that the payload data is the application data as processed by all the negotiated extensions.

Section 4.4, bullet point 3 is formatted as a bullet point, when it is really a sub clause of the previous bullet point. Also the Note about control frames is formatted as another bullet point. I also think this section needs another point like:

   * The fragments of one message may not be interleaved between the fragments of another message unless an extension has been negotiated that can interpret the interleaving.

4.8 says:

   o Extension data may be placed in the payload data before the application data.

As above, this prevents compression/encrypting extensions. Extensions must be allowed to arbitrarily mutate the application data.

9.2.1 Compression

I still maintain that this extension should not be supported - it breaks all the rules the spec defines for extensions - specifically it mutates the framing. There is an alternative compression proposal available for in frame compression that would comply with the rules of extensions (assuming we remove the concatenation restriction above).

In section 10, the draft says:

   The biggest security risk when sending text data using this protocol is sending data using the wrong encoding. If an attacker can trick the server into sending data encoded as ISO-8859-1 verbatim (for instance), rather than encoded as UTF-8, then the attacker could inject arbitrary frames into the data stream.

I don't think this is true - not since we dropped sentinel encoded frames. Length encoded frames are safe to send arbitrary data and there is no possibility of any payload being interpreted as a frame in the datastream.
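
The framing point in the last paragraph, as an added example that is not part of the original message or of the draft: the same text is sent through a sentinel-delimited framer (0x00 ... 0xFF text frames, as in earlier WebSocket drafts) and through a length-prefixed framer. All function names are hypothetical, and the 4-byte length prefix is a simplification assumed here, not the draft's frame header.

```python
import struct

# Constructed sample text: U+00FF and U+0000 are ordinary characters to the sender.
MESSAGE = "hello\u00ff\u0000second"

def sentinel_encode(text, encoding="utf-8"):
    # Frame = 0x00, payload, 0xFF. Only safe while the payload never contains 0xFF,
    # which UTF-8 guarantees and ISO-8859-1 does not.
    return b"\x00" + text.encode(encoding) + b"\xff"

def sentinel_decode(stream):
    frames, i = [], 0
    while i < len(stream):
        if stream[i] != 0x00:
            raise ValueError("expected frame start at offset %d" % i)
        end = stream.index(b"\xff", i + 1)  # the first 0xFF closes the frame
        frames.append(stream[i + 1:end])
        i = end + 1
    return frames

def length_encode(payload):
    # Simplified framing (assumption): 4-byte big-endian length, then raw payload.
    return struct.pack(">I", len(payload)) + payload

def length_decode(stream):
    frames, i = [], 0
    while i < len(stream):
        if len(stream) - i < 4:
            raise ValueError("truncated length header")
        (n,) = struct.unpack_from(">I", stream, i)
        i += 4
        if len(stream) - i < n:
            raise ValueError("truncated payload")
        frames.append(stream[i:i + n])  # payload bytes are never scanned for delimiters
        i += n
    return frames

def frame_counts(message=MESSAGE):
    # How many frames the receiver sees for one message sent by the application.
    latin1 = message.encode("iso-8859-1")
    return {
        "sentinel_utf8": len(sentinel_decode(sentinel_encode(message))),
        "sentinel_latin1": len(sentinel_decode(sentinel_encode(message, "iso-8859-1"))),
        "length_latin1": len(length_decode(length_encode(latin1))),
    }

if __name__ == "__main__":
    print(frame_counts())
```

With sentinel framing the ISO-8859-1 bytes split one message into two frames; with a length prefix the receiver sees a single frame whatever the payload bytes are.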