Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
Greg Wilkins <gregw@webtide.com> Mon, 26 July 2010 00:06 UTC
Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 86AD03A6403 for <hybi@core3.amsl.com>; Sun, 25 Jul 2010 17:06:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.87
X-Spam-Level:
X-Spam-Status: No, score=-0.87 tagged_above=-999 required=5 tests=[AWL=-0.753, BAYES_20=-0.74, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aH7ulfVX5q8L for <hybi@core3.amsl.com>; Sun, 25 Jul 2010 17:06:49 -0700 (PDT)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by core3.amsl.com (Postfix) with ESMTP id 2E9FF3A63EC for <hybi@ietf.org>; Sun, 25 Jul 2010 17:06:49 -0700 (PDT)
Received: by fxm1 with SMTP id 1so6462679fxm.31 for <hybi@ietf.org>; Sun, 25 Jul 2010 17:07:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.111.137 with SMTP id s9mr5685608fap.30.1280102829224; Sun, 25 Jul 2010 17:07:09 -0700 (PDT)
Received: by 10.223.112.129 with HTTP; Sun, 25 Jul 2010 17:07:09 -0700 (PDT)
In-Reply-To: <AANLkTilfxps1wWjFrwrH_3Js6Q9E331AMKFRNHfeHcdL@mail.gmail.com>
References: <AANLkTilfxps1wWjFrwrH_3Js6Q9E331AMKFRNHfeHcdL@mail.gmail.com>
Date: Mon, 26 Jul 2010 10:07:09 +1000
Message-ID: <AANLkTi=vPAnnK0=gE=YN10vt9b-f6sWXXcwK+La5SriO@mail.gmail.com>
From: Greg Wilkins <gregw@webtide.com>
To: Mike Belshe <mike@belshe.com>
Content-Type: multipart/alternative; boundary="001636e0a749697565048c3f2a93"
Cc: hybi@ietf.org
Subject: Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 00:06:50 -0000
Mike, thanks for translating the intent of the browser dudes and explaining why they are so concerned about this issue. I am certainly not opposed to taking measures to ensure that websocket is not a easy-touch for attackers to use against other protocols and also to make it more robust against attacks itself. I think these are reasonable requirements. However, I still don't see why the only acceptable solution to these concerns has to be a rigid non compliant HTTP handshake with space counting and unframed bytes on the wire? I think this WG has to clearly accept the concerns of browser vendors and make sure that the requirements clearly capture them. But in return, the browser vendors have to accept that there is more than one way to skin a cat, and perhaps we can consider alternative solutions than the one that is currently causing significant objections and real world problems. cheers
- [hybi] Insight you need to know: Browsers are at … Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… Greg Wilkins
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Mike Belshe
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Roderick Baier
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Willy Tarreau
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Maciej Stachowiak
- Re: [hybi] Insight you need to know: Browsers are… Adam Barth
- Re: [hybi] Insight you need to know: Browsers are… Scott Ferguson
- Re: [hybi] Insight you need to know: Browsers are… Roberto Peon
- Re: [hybi] Insight you need to know: Browsers are… Thomson, Martin
- Re: [hybi] Insight you need to know: Browsers are… Shelby Moore
- Re: [hybi] Insight you need to know: Browsers are… John Tamplin
- Re: [hybi] Insight you need to know: Browsers are… Shelby Moore
- Re: [hybi] Insight you need to know: Browsers are… Shelby Moore