Re: [hybi] Formal declaration of consensus: HTTP Compliance

On Fri, Aug 6, 2010 at 2:17 PM, Salvatore Loreto
<salvatore.loreto@ericsson.com> wrote:
> just as clarification:
>
> the declaration of consensus does not exclude TLS-nextprotoneg alternative,
> indeed the declaration states:
>
> "- The WG's focus is on leveraging existing HTTP-based infrastructure,
> although a future rechartering could
> investigate other alternatives."

That makes it sound like we'd need a rechartering to consider using
TLS+NPN as the handshake.  The charter seems to say:

[[
  Although multiple protocols exist as starting points, backward
  compatibility with these protocols is not a requirement.
]]

Can you explain what parts of the charter rule out a websocket
handshake based on TLS?

> however a TLS handshake based on draft-agl-tls-nextprotoneg-00 at moment
> does not seem a reasonable one
> for the next 4weeks plan neither so straightforward for the 6months plan.

Why is that?  The TLS+NPN handshake is much simpler than the existing handshake.

> However, I want encourage all the people that find value on TLS-nextprotoneg
> to discuss it in the TLS wg,
> and also write down a draft on its usage as alternative handshake for
> WebSocket and submit it.

Thanks for the encouragement, but I feel like you're railroading the
working group instead of building consensus.  The Tao of IETF says:

[[
Any decision made at a face-to-face meeting must also gain consensus
on the WG mailing list.
]]

When on this mailing list did we come to consensus about using an
HTTP-complaint handshake?  I certainly missed it.

Kind regards,
Adam

[1] http://www.ietf.org/tao.html#getting.things.done

> On 8/6/10 7:05 PM, Adam Barth wrote:
>
> On Fri, Aug 6, 2010 at 2:48 AM, Alexey Melnikov
> <alexey.melnikov@isode.com> wrote:
>
>
> Maciej Stachowiak wrote:
>
>
> On Aug 6, 2010, at 1:24 AM, Dave Cridland wrote:
>
>
> On Fri Aug  6 09:11:43 2010, Adam Barth wrote:
>
>
> Also, the main advocates for a TLS+NPN based handshake (Maciej and
> myself) weren't present at the face-to-face meeting.  I don't see that
> we've reached a rough consensus on this point at all.  I'm certainly
> not as experienced in IETF process as Salvatore, but we seem to be
> jumping the gun here.
>
>
> As I recall, EKR made the point that TLS+NPN has yet to go through the
> standards process, so would be problematic from that standpoint.
>
> It's not that anyone's arguing that it should be discarded, it's more
> that for the foreseeable, we should concentrate on an HTTP Upgrade based
> solution.
>
>
> If the requirements document is to be taken seriously, and the change the
> Chairs requested is made, then it would require that we discard the TLS+NPN
> solution since it doesn't involve an exchange of Upgrade headers at all.
> Indeed, this argument has been cited repeatedly as a reason the requirements
> document to not be too specific about the details.
>
> Personally, I think this declaration of consensus is premature. Clearly a
> number of people disagree with the alleged consensus, and I believe we have
> serious technical reasons for this and are not just cranks. The statement
> from the chairs does not address these arguments at all.
>
>
> If people want to do TLS+NPN, then NPN should be sent to TLS WG for review
> now[ish]. As other people pointed out, this might take a few months (with no
> guaranty of positive feedback from the TLS WG). But of course this shouldn't
> stop interested parties from progressing NPN document toward being an RFC.
>
>
> I'll talk with Adam Langley about doing that.  I think NPN has value
> beyond WebSockets, so it's worth putting through the standards process
> even if we eventually decide to go another route with WebSockets.
>
> Adam
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>
>
> --
> Salvatore Loreto
> www.sloreto.com
>
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>
>