Re: [hybi] #6: HTTP Upgrade in relation to the WebSocket protocol
Greg Wilkins <gregw@webtide.com> Tue, 20 July 2010 00:02 UTC
Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A7A383A6BA5 for <hybi@core3.amsl.com>; Mon, 19 Jul 2010 17:02:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.327
X-Spam-Level:
X-Spam-Status: No, score=-1.327 tagged_above=-999 required=5 tests=[AWL=0.649, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, WEIRD_PORT=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUS1YdBfJMt3 for <hybi@core3.amsl.com>; Mon, 19 Jul 2010 17:02:32 -0700 (PDT)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by core3.amsl.com (Postfix) with ESMTP id C823B3A6BBB for <hybi@ietf.org>; Mon, 19 Jul 2010 17:02:30 -0700 (PDT)
Received: by fxm1 with SMTP id 1so2750761fxm.31 for <hybi@ietf.org>; Mon, 19 Jul 2010 17:02:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.116.147 with SMTP id m19mr4500975faq.52.1279584164119; Mon, 19 Jul 2010 17:02:44 -0700 (PDT)
Received: by 10.223.112.129 with HTTP; Mon, 19 Jul 2010 17:02:44 -0700 (PDT)
In-Reply-To: <4C449763.50900@caucho.com>
References: <063.8d6c52995b7699ce8612481828d6c227@tools.ietf.org> <4C44923B.7000900@hs-weingarten.de> <4C449763.50900@caucho.com>
Date: Tue, 20 Jul 2010 10:02:44 +1000
Message-ID: <AANLkTil8VpJDkn-9bE6cqyUm670IzfdGQuaTHnolMYUy@mail.gmail.com>
From: Greg Wilkins <gregw@webtide.com>
To: hybi@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [hybi] #6: HTTP Upgrade in relation to the WebSocket protocol
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2010 00:02:33 -0000
I think it is really important to make a very clear separation of the websocket protocol for an established websocket connection and for the protocol used to establish that connection. I would expect that over time there could develop several ways of establishing websocket connections, with HTTP upgrade being the first technique, but then I do see a good use-case for a websocket only handshake like Scott has described. Eventually there may be TLS dependent mechanisms as well. If we clearly separate out the wire protocol from the connection establishment, then we can be very clear about what information is needed from the handshake by the established connection and what information is purely part of the particular handshake and security mechanisms that might be particular just to HTTP upgrade (for example). If websocket does eventually get it's own port(s), then I think it would be highly desirable to have a handshake that does not look like HTTP at all. Having HTTP-like on other ports will at best be confusing, but at worst will result in some actually running real HTTP servers (with websocket capabilities) on the Websocket ports, thus importing all the security concerns of HTTP to the new ports. cheers On 20 July 2010 04:20, Scott Ferguson <ferg@caucho.com> wrote: > Roderick Baier wrote: >> >> Hi >> >> How could a WebSocket client detect if there is port sharing with HTTP or >> not? I'm using WebSockets without HTTP, HTML, JavaScript and so on. From my >> point of view there is no HTTP upgrade handshake, it's just a WebSocket >> handshake that looks like HTTP. >> >> "... not required if no port sharing is going on. In this case there is >> no HTTP from which to Upgrade into WebSockets. There would simply be >> WebSocket protocol over a dedicated port." >> >> What is "simply WebSocket protocol"? You'll still need an opening >> handshake for resource, sub-protocol etc. > > Perhaps something along the lines of the discussion we had earlier, which > might look like: > > http://hessian.caucho.com/websockets/draft-ferg-hybi-websockets-latest.txt > > The client handshake is a HELLO control frame that looks like the > following: > > %x80.02.00.86 WebSocket/1.0 > url: ws://example.com:880/sample/resource > origin: http://example.com/launchpage.php > protocol: tictactoe.example.com/1.0 > <Stream data follows> > > The server handshake is a HELLO control frame that looks like the > following: > > %x80.02.00.32 WebSocket/1.0 > protocol: tictactoe.example.com/1.0 > <Stream data follows> > > -- Scott > > >> >> Best regards >> Roderick >> >> >> >> hybi issue tracker schrieb: >>> >>> #6: HTTP Upgrade in relation to the WebSocket protocol >>> >>> --------------------------------------+------------------------------------- >>> Reporter: g_e_montenegro@… | Owner: Type: >>> enhancement | Status: new >>> Priority: major | Milestone: Component: >>> websocket-requirements | Version: Severity: Active WG Document >>> | Keywords: >>> --------------------------------------+------------------------------------- >>> Specify along the lines of RFC2817, namely, that the HTTP handshake is >>> to >>> be used only if there is port sharing with HTTP, but is, of course, not >>> required if no port sharing is going on. In this case there is no HTTP >>> from which to Upgrade into WebSockets. There would simply be WebSocket >>> protocol over a dedicated port. See http://www.ietf.org/mail- >>> archive/web/hybi/current/msg02175.html. Also clarify that support for >>> port >>> sharing mode of operation MUST be defined by the spec, but that it >>> remains >>> optional operationally. It is not clear what is the use case for a >>> websocket completely independent of HTTP. >>> >> >> _______________________________________________ >> hybi mailing list >> hybi@ietf.org >> https://www.ietf.org/mailman/listinfo/hybi > > _______________________________________________ > hybi mailing list > hybi@ietf.org > https://www.ietf.org/mailman/listinfo/hybi >
- [hybi] #6: HTTP Upgrade in relation to the WebSoc… hybi issue tracker
- Re: [hybi] #6: HTTP Upgrade in relation to the We… Roderick Baier
- Re: [hybi] #6: HTTP Upgrade in relation to the We… Willy Tarreau
- Re: [hybi] #6: HTTP Upgrade in relation to the We… Scott Ferguson
- Re: [hybi] #6: HTTP Upgrade in relation to the We… Greg Wilkins
- Re: [hybi] #6: HTTP Upgrade in relation to the We… Willy Tarreau