IETF Logo Mail Archive

Re: [hybi] Client offers invalid WS protocols, what must the server do? 101???

Brian <theturtle32@gmail.com> Wed, 31 August 2011 21:57 UTC

Return-Path: <theturtle32@gmail.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05BED21F8F3C for <hybi@ietfa.amsl.com>; Wed, 31 Aug 2011 14:57:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.474
X-Spam-Level:
X-Spam-Status: No, score=-3.474 tagged_above=-999 required=5 tests=[AWL=0.124, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5R6C83xd2W4 for <hybi@ietfa.amsl.com>; Wed, 31 Aug 2011 14:57:35 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id E151E21F8F32 for <hybi@ietf.org>; Wed, 31 Aug 2011 14:57:34 -0700 (PDT)
Received: by bkar4 with SMTP id r4so1543292bka.31 for <hybi@ietf.org>; Wed, 31 Aug 2011 14:59:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5joIZm1/0O+aAWOjnhnOYLm0Qf0a+Dqykf1wKbmy/K8=; b=EkAMb73JtTcf2eat9GUZlZ+RBqb6AJjQT3Is5vOWz7qO3A+yW56J2KNcxgfHIB1lFE xk3uVGMkDm6R3HoP8t9acn6RkXiMvqZ8W/IIJgxAc1Agicejmd0R7N4lR9yye2VOVUh8 5ZQKYHcRWEo3iMMe3hekhsLnT00cDgHgtEjqY=
MIME-Version: 1.0
Received: by 10.204.128.148 with SMTP id k20mr555872bks.24.1314827945404; Wed, 31 Aug 2011 14:59:05 -0700 (PDT)
Received: by 10.204.150.72 with HTTP; Wed, 31 Aug 2011 14:59:05 -0700 (PDT)
In-Reply-To: <4E5E94D8.4070302@gmail.com>
References: <CALiegfkC9dLOnLfSQApE9OjoSV1RXT7cTumZ6+yCR1tWo_cvmw@mail.gmail.com> <4E5CBEA0.2080605@isode.com> <CALiegfn3dPyZMR3ZZ3CtwOeAmC4sxd0=kos4Z82B2qeh_aZASQ@mail.gmail.com> <4E5CC6A7.7030304@isode.com> <CALiegfnc-YRPZZvgJjmvtafKnkJB7rXJ9KcPDKL-ceeAdwGEGQ@mail.gmail.com> <4E5CC8B8.7090702@isode.com> <CALiegfmSs-FhS5AuJHWFhGdbxS4pLSHA1Kk2y_P5GwwG_YneyQ@mail.gmail.com> <CABLsOLCBSnW+R9vr=RbRosTo55tv-_gG9yLdoj5AqW4rU6rcPQ@mail.gmail.com> <4E5D04F8.30801@isode.com> <4E5E5EDA.6000606@gmail.com> <4E5E79C4.2080100@callenish.com> <CAMaigVkreB5P2ieXJxZbQ3yPZs0kwmJmqvA0t0jHMBA40BjF-Q@mail.gmail.com> <CALiegfmi3et2==qziAg1toWHjkiBAUrLfQDPmEKuU+Jx_D6ZTQ@mail.gmail.com> <CABLsOLC0m-NpG6L-95rju3vLinMa3d8b3pncoM53fkoN+xs3Fg@mail.gmail.com> <CALiegfkYc=S2-Ljc3Tvy+28EjiHSHv5GrDk4aAQi8q=aQjRV1Q@mail.gmail.com> <4E5E94D8.4070302@gmail.com>
Date: Wed, 31 Aug 2011 14:59:05 -0700
Message-ID: <CAE8AN_URa2RvhmF50cAH4GLNm76WN6REkJYu6uEv-jEXzF=MBg@mail.gmail.com>
From: Brian <theturtle32@gmail.com>
To: Philipp Serafin <phil127@gmail.com>
Content-Type: multipart/alternative; boundary="0015174c43a6a06a4904abd43ccc"
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Client offers invalid WS protocols, what must the server do? 101???
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 21:57:36 -0000

Yes.  This requirement should be in the spec.  Frankly, I implemented my
WebSocket libraries this way as it's the only thing that makes any sense.  I
just assumed that's how it was supposed to be.  It didn't really occur to me
that the protocol was underspecified here.  There is absolutely no
reasonable use case for the server to fall back to an unspecified default
protocol and accept the connection if it doesn't know any of the requested
subprotocols from the client, just like there's no acceptable use case for
the server to accept the connection with a subprotocol not contained in the
list of subprotocols requested by the client.  If the client requests a list
of subprotocols, that is to be taken as the canonical list of the only
subprotocols it knows how to speak.  Anything else will fail.  It should
respond with a 4xx HTTP error code.

The *only* time a server should accept the connection with a default
unspecified subprotocol is when the client doesn't request any subprotocols
at all.  That's really the end of the story.

This minor enhancement to the spec would be trivial and shouldn't hold
anything else up.

Brian


On Wed, Aug 31, 2011 at 1:08 PM, Philipp Serafin <phil127@gmail.com> wrote:

>  Am 31.08.2011 22:05, schrieb Iñaki Baz Castillo:
>
> Me (and others AFAIK) are just proposing that, in **case** the client
> provides a WS protocol in the HTTP GET, and the server **does not**
> support such protocol, then the server MUST reject the WS handshake
> (which means a 4XX error code rather than "101 I don't know what we
> are supposed to speak now but I accept the WS session").
>
>  Exactly.
>
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>
>

v2.23.0 | Report a Bug | By Email