[hybi] Subprotocol semantics. How SHOULD/MUST user-agent and server deal with it
Takeshi Yoshino <tyoshino@google.com> Thu, 14 April 2011 06:58 UTC
Return-Path: <tyoshino@google.com>
X-Original-To: hybi@ietfc.amsl.com
Delivered-To: hybi@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 0A8DFE0687 for <hybi@ietfc.amsl.com>; Wed, 13 Apr 2011 23:58:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.976
X-Spam-Level:
X-Spam-Status: No, score=-105.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPoardEGQrjH for <hybi@ietfc.amsl.com>; Wed, 13 Apr 2011 23:57:59 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfc.amsl.com (Postfix) with ESMTP id AC7D9E06AB for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:59 -0700 (PDT)
Received: from wpaz9.hot.corp.google.com (wpaz9.hot.corp.google.com [172.24.198.73]) by smtp-out.google.com with ESMTP id p3E6vw3v000455 for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:58 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1302764278; bh=Lho91z9tXVpHqBx9NbE1rqE9adU=; h=MIME-Version:From:Date:Message-ID:Subject:To:Content-Type; b=Dj9OrdAFfSTGWt3oXgcFpOPAJ0QhZ5EG7ANFmjQsd2xWPKkAYgzb47Qs58Sv+ojmq BLGKaTkvrGglN/W/Ezb6Q==
Received: from yxn22 (yxn22.prod.google.com [10.190.4.86]) by wpaz9.hot.corp.google.com with ESMTP id p3E6vvY0029827 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:57 -0700
Received: by yxn22 with SMTP id 22so707883yxn.20 for <hybi@ietf.org>; Wed, 13 Apr 2011 23:57:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:from:date:message-id:subject:to :content-type; bh=odtBg1QIIzIGyrRZLZ8UOhwTgHXXbyFibTYxy5BXJ3w=; b=Rkby3rn5d4ICwjQDNYuN9HxEUQqKfvP+WNksFQRkozXChILQkbXSVjaYyGnbNBfCnS OlvNFIf69OwzrfbI4JTA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:from:date:message-id:subject:to:content-type; b=nCR44Gu64I6Bx6+4QHHOQv+iC5Q7F2Ov8fHagF6ODoxeFanYE+tYBX2fRny3zbo2m0 wGZexm83m10QCaH1hWFQ==
Received: by 10.150.114.11 with SMTP id m11mr1226516ybc.426.1302764270458; Wed, 13 Apr 2011 23:57:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.150.57.4 with HTTP; Wed, 13 Apr 2011 23:57:29 -0700 (PDT)
From: Takeshi Yoshino <tyoshino@google.com>
Date: Thu, 14 Apr 2011 15:57:29 +0900
Message-ID: <BANLkTimN3LK=nwhnWheVnhw4Ax4KmLWOgA@mail.gmail.com>
To: hybi@ietf.org
Content-Type: multipart/alternative; boundary="000e0cd5d0109118fd04a0db713d"
X-System-Of-Record: true
Subject: [hybi] Subprotocol semantics. How SHOULD/MUST user-agent and server deal with it
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2011 06:58:01 -0000
We should make it clear whether WebSocket layer (code of user-agent, server
framework) must verify only grammar (i.e. follows ABNF or not) or also check
some condition beyond grammar checking. If we do latter, we should also
define what bad req/res is clearly.
Conditions sound bad I can come up with are:
For user-agent
a) Sec-WebSocket-Protocol in response is not an element of
Sec-WebSocket-Protocol in request
b) the number of elements in Sec-WebSocket-Protocol in response is two or
more
c) sent Sec-WebSocket-Protocol but no Sec-WebSocket-Protocol in response
d) didn't send Sec-WebSocket-Protocol but response contained
Sec-WebSocket-Protocol
For server
e) supports multiple subprotocols but the user-agent didn't send
Sec-WebSocket-Protocol
f) supports multiple subprotocols but Sec-WebSocket-Protocol in request
didn't contain any of them
According to the normative section 5.2.2.2, a), b) and c) mean the server is
misbehaving. Current The WebSocket API
<http://dev.w3.org/html5/websockets/>cannot handle case b) so,
user-agent can do nothing but drop the connection
for now. But I also think some application may benefit from having multiple
values in Sec-WebSocket-Protocol in response.
How we should handle case d) is not defined clearly in the current spec.
This can be considered as "the client don't care protocol, but the server
explicitly declare the protocol it talks". Here, we come down to a question
"what absence of Sec-WebSocket-Protocol in the handshake request means.
Wanna talk default subprotocol? Don't care subprotocol?"
e) is a kind of server application framework design issue. Maybe server
frameworks pass received subprotocol request to application code to ask
decision. This is related to d). I can imagine use case like these.
- developer uses "absence of Sec-WebSocket-Protocol" as "default please".
Server application code decides some default subprotocol from the list of
subprotocols it can talk and silently starts talking it by not sending
Sec-WebSocket-Protocol in response.
- developer uses "absence of Sec-WebSocket-Protocol" as "don't care". Known
subprotocols are superchat and chat. User-agent sends no
Sec-WebSocket-Protocol. The server sends the best subprotocol that is
superchat as Sec-WebSocket-Protocol in response.
It sounds clear to me that we should drop the request in case f).
----
I think it's also an option that we leave judgement to upper layer
(JavaScript running on the user-agent, application code implemented on the
server framework) for case a), c), d), f). i.e. we don't perform any
validation other than grammar checking in WebSocket layer.
If we decide to check these condition and drop req/res in WebSocket protocol
layer, we must give clear semantics for "absence of Sec-WebSocket-Protocol".
----
The followings are some related suggestions from me on the spec text
(assuming we allow only one subprotocol in Sec-WebSocket-Protocol in
response).
5.2.2.2 (normative section)
/subprotocol/
> A (possibly empty) list representing the subprotocol the
>
server is ready to use. If the server supports multiple
subprotocols, then the value should be derived from the
> client's handshake, specifically by selecting one of the
> values from the "Sec-WebSocket-Protocol" field. The absence
of such a field is equivalent to the null value. The empty
string is not the same as the null value for these purposes.
- Here in a normative section, "must" became "should" from non-normative
section 1.3 and 1.9. I think this should be "MUST".
- In the first sentence, we should say that the size of list must be 1.
- The last sentence is correct but misleading. It sounds that empty string
which means a list of one element "" is allowed as Sec-WebSocket-Protocol.
- The grammar for Sec-WebSocket-Protocol is not specified in this section,
but I think it's just missing. We may say here that it also follows (token |
quoted-string).
Takeshi
- [hybi] Subprotocol semantics. How SHOULD/MUST use… Takeshi Yoshino
- Re: [hybi] Subprotocol semantics. How SHOULD/MUST… Andy Green
- Re: [hybi] Subprotocol semantics. How SHOULD/MUST… Takeshi Yoshino