[hybi] Subprotocol semantics. How SHOULD/MUST user-agent and server deal with it
Takeshi Yoshino <tyoshino@google.com> Thu, 14 April 2011 06:58 UTC
Return-Path: <tyoshino@google.com>
X-Original-To: hybi@ietfc.amsl.com
Delivered-To: hybi@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 0A8DFE0687 for <hybi@ietfc.amsl.com>; Wed, 13 Apr 2011 23:58:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.976
X-Spam-Level:
X-Spam-Status: No, score=-105.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPoardEGQrjH for <hybi@ietfc.amsl.com>; Wed, 13 Apr 2011 23:57:59 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfc.amsl.com (Postfix) with ESMTP id AC7D9E06AB for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:59 -0700 (PDT)
Received: from wpaz9.hot.corp.google.com (wpaz9.hot.corp.google.com [172.24.198.73]) by smtp-out.google.com with ESMTP id p3E6vw3v000455 for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:58 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1302764278; bh=Lho91z9tXVpHqBx9NbE1rqE9adU=; h=MIME-Version:From:Date:Message-ID:Subject:To:Content-Type; b=Dj9OrdAFfSTGWt3oXgcFpOPAJ0QhZ5EG7ANFmjQsd2xWPKkAYgzb47Qs58Sv+ojmq BLGKaTkvrGglN/W/Ezb6Q==
Received: from yxn22 (yxn22.prod.google.com [10.190.4.86]) by wpaz9.hot.corp.google.com with ESMTP id p3E6vvY0029827 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:57 -0700
Received: by yxn22 with SMTP id 22so707883yxn.20 for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:from:date:message-id:subject:to :content-type; bh=odtBg1QIIzIGyrRZLZ8UOhwTgHXXbyFibTYxy5BXJ3w=; b=Rkby3rn5d4ICwjQDNYuN9HxEUQqKfvP+WNksFQRkozXChILQkbXSVjaYyGnbNBfCnS OlvNFIf69OwzrfbI4JTA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:from:date:message-id:subject:to:content-type; b=nCR44Gu64I6Bx6+4QHHOQv+iC5Q7F2Ov8fHagF6ODoxeFanYE+tYBX2fRny3zbo2m0 wGZexm83m10QCaH1hWFQ==
Received: by 10.150.114.11 with SMTP id m11mr1226516ybc.426.1302764270458; Wed, 13 Apr 2011 23:57:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.150.57.4 with HTTP; Wed, 13 Apr 2011 23:57:29 -0700 (PDT)
From: Takeshi Yoshino <tyoshino@google.com>
Date: Thu, 14 Apr 2011 15:57:29 +0900
Message-ID: <BANLkTimN3LK=nwhnWheVnhw4Ax4KmLWOgA@mail.gmail.com>
To: hybi@ietf.org
Content-Type: multipart/alternative; boundary="000e0cd5d0109118fd04a0db713d"
X-System-Of-Record: true
Subject: [hybi] Subprotocol semantics. How SHOULD/MUST user-agent and server deal with it
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2011 06:58:01 -0000
We should make it clear whether WebSocket layer (code of user-agent, server framework) must verify only grammar (i.e. follows ABNF or not) or also check some condition beyond grammar checking. If we do latter, we should also define what bad req/res is clearly. Conditions sound bad I can come up with are: For user-agent a) Sec-WebSocket-Protocol in response is not an element of Sec-WebSocket-Protocol in request b) the number of elements in Sec-WebSocket-Protocol in response is two or more c) sent Sec-WebSocket-Protocol but no Sec-WebSocket-Protocol in response d) didn't send Sec-WebSocket-Protocol but response contained Sec-WebSocket-Protocol For server e) supports multiple subprotocols but the user-agent didn't send Sec-WebSocket-Protocol f) supports multiple subprotocols but Sec-WebSocket-Protocol in request didn't contain any of them According to the normative section 5.2.2.2, a), b) and c) mean the server is misbehaving. Current The WebSocket API <http://dev.w3.org/html5/websockets/>cannot handle case b) so, user-agent can do nothing but drop the connection for now. But I also think some application may benefit from having multiple values in Sec-WebSocket-Protocol in response. How we should handle case d) is not defined clearly in the current spec. This can be considered as "the client don't care protocol, but the server explicitly declare the protocol it talks". Here, we come down to a question "what absence of Sec-WebSocket-Protocol in the handshake request means. Wanna talk default subprotocol? Don't care subprotocol?" e) is a kind of server application framework design issue. Maybe server frameworks pass received subprotocol request to application code to ask decision. This is related to d). I can imagine use case like these. - developer uses "absence of Sec-WebSocket-Protocol" as "default please". Server application code decides some default subprotocol from the list of subprotocols it can talk and silently starts talking it by not sending Sec-WebSocket-Protocol in response. - developer uses "absence of Sec-WebSocket-Protocol" as "don't care". Known subprotocols are superchat and chat. User-agent sends no Sec-WebSocket-Protocol. The server sends the best subprotocol that is superchat as Sec-WebSocket-Protocol in response. It sounds clear to me that we should drop the request in case f). ---- I think it's also an option that we leave judgement to upper layer (JavaScript running on the user-agent, application code implemented on the server framework) for case a), c), d), f). i.e. we don't perform any validation other than grammar checking in WebSocket layer. If we decide to check these condition and drop req/res in WebSocket protocol layer, we must give clear semantics for "absence of Sec-WebSocket-Protocol". ---- The followings are some related suggestions from me on the spec text (assuming we allow only one subprotocol in Sec-WebSocket-Protocol in response). 5.2.2.2 (normative section) /subprotocol/ > A (possibly empty) list representing the subprotocol the > server is ready to use. If the server supports multiple subprotocols, then the value should be derived from the > client's handshake, specifically by selecting one of the > values from the "Sec-WebSocket-Protocol" field. The absence of such a field is equivalent to the null value. The empty string is not the same as the null value for these purposes. - Here in a normative section, "must" became "should" from non-normative section 1.3 and 1.9. I think this should be "MUST". - In the first sentence, we should say that the size of list must be 1. - The last sentence is correct but misleading. It sounds that empty string which means a list of one element "" is allowed as Sec-WebSocket-Protocol. - The grammar for Sec-WebSocket-Protocol is not specified in this section, but I think it's just missing. We may say here that it also follows (token | quoted-string). Takeshi
- [hybi] Subprotocol semantics. How SHOULD/MUST use… Takeshi Yoshino
- Re: [hybi] Subprotocol semantics. How SHOULD/MUST… Andy Green
- Re: [hybi] Subprotocol semantics. How SHOULD/MUST… Takeshi Yoshino