Re: [hybi] Multiple connections serialization and proxies
Greg Wilkins <gregw@webtide.com> Fri, 23 April 2010 07:48 UTC
Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D7AD53A68A7 for <hybi@core3.amsl.com>; Fri, 23 Apr 2010 00:48:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.942
X-Spam-Level:
X-Spam-Status: No, score=-0.942 tagged_above=-999 required=5 tests=[AWL=-0.202, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id so4zts4NZEMw for <hybi@core3.amsl.com>; Fri, 23 Apr 2010 00:48:26 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 702493A6805 for <hybi@ietf.org>; Fri, 23 Apr 2010 00:48:25 -0700 (PDT)
Received: by wyb35 with SMTP id 35so1159677wyb.31 for <hybi@ietf.org>; Fri, 23 Apr 2010 00:48:11 -0700 (PDT)
Received: by 10.216.176.143 with SMTP id b15mr2031140wem.155.1272008891610; Fri, 23 Apr 2010 00:48:11 -0700 (PDT)
Received: from [192.168.0.100] (host116-234-static.43-88-b.business.telecomitalia.it [88.43.234.116]) by mx.google.com with ESMTPS id z3sm994087wbs.10.2010.04.23.00.48.10 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 23 Apr 2010 00:48:10 -0700 (PDT)
Message-ID: <4BD150B2.9070204@webtide.com>
Date: Fri, 23 Apr 2010 09:48:02 +0200
From: Greg Wilkins <gregw@webtide.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: "hybi@ietf.org" <hybi@ietf.org>
References: <4BCF4932.8040303@gmail.com> <4BD09A2C.6060506@gmail.com> <x2n557ae281004221224i2a9a46c0k6f6f684c94de255c@mail.gmail.com> <8B0A9FCBB9832F43971E38010638454F03E7D06DF7@SISPE7MB1.commscope.com> <20100422225448.GG13951@shareable.org> <8B0A9FCBB9832F43971E38010638454F03E7D06E00@SISPE7MB1.commscope.com> <20100422230957.GI13951@shareable.org> <8B0A9FCBB9832F43971E38010638454F03E7D06E06@SISPE7MB1.commscope.com> <20100423001858.GA22326@shareable.org> <8B0A9FCBB9832F43971E38010638454F03E7D06E28@SISPE7MB1.commscope.com>
In-Reply-To: <8B0A9FCBB9832F43971E38010638454F03E7D06E28@SISPE7MB1.commscope.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [hybi] Multiple connections serialization and proxies
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2010 07:48:27 -0000
Martin, You are correct in noting that the DOS protection is simply to serialized connections. However, one of the prime victims of this would be any application that needs multiple "connections" to/from the server. We've seen from the SPDY analysis that RTT is on the critical path for rendering webpages, so *IF* multiple websocket connections are to be encouraged, then this serialization could potentially be a significant latency on some applications. My preference would be to enable the use of a single connection with multiplexing - so that multiple "connections" would not need to suffer the cost of any RTT for TCP, TLS etc. and would certainly not need to be serialized with other "connections" establishment. As you and Jamie have pointed out, this would need to be done properly, by which I mean: + no imposition on minimal implmentations of websocket. + equal semantics to dedicated connection websocket. + transparent to websocket API users. cheers Thomson, Martin wrote: >> Correct, there is no mechanism, but also no need for one since reuse >> and multiplexing don't occur. If they're added, a virtual connection >> mechanism will be at the same time. > > I think that I misread the referenced section. > > Just re-read it. > > So, the only protection against multi-connection-DOS from the one client is to request that the client not have more than one connection attempt in progress at a time. > > This only works if the client doesn't get rejected straight away, otherwise, the round trip time is the only limiting factor, which isn't that great. > > Some (security considerations) advice on what a server might do to take advantage of the client-side requirement would be good. > > --Martin
- [hybi] Multiple connections serialization and pro… Wellington Fernando de Macedo
- Re: [hybi] Multiple connections serialization and… Wellington Fernando de Macedo
- Re: [hybi] Multiple connections serialization and… Wellington Fernando de Macedo
- Re: [hybi] Multiple connections serialization and… Christian Biesinger
- Re: [hybi] Multiple connections serialization and… Thomson, Martin
- Re: [hybi] Multiple connections serialization and… Jamie Lokier
- Re: [hybi] Multiple connections serialization and… Thomson, Martin
- Re: [hybi] Multiple connections serialization and… Jamie Lokier
- Re: [hybi] Multiple connections serialization and… Jamie Lokier
- Re: [hybi] Multiple connections serialization and… Thomson, Martin
- Re: [hybi] Multiple connections serialization and… Jamie Lokier
- Re: [hybi] Multiple connections serialization and… Thomson, Martin
- Re: [hybi] Multiple connections serialization and… Greg Wilkins
- Re: [hybi] Multiple connections serialization and… Jamie Lokier
- Re: [hybi] Multiple connections serialization and… Ian Hickson
- Re: [hybi] Multiple connections serialization and… John Tamplin
- Re: [hybi] Multiple connections serialization and… Ian Hickson
- Re: [hybi] Multiple connections serialization and… Greg Wilkins
- Re: [hybi] Multiple connections serialization and… Jamie Lokier
- Re: [hybi] Multiple connections serialization and… Simon Pieters
- Re: [hybi] Multiple connections serialization and… Greg Wilkins
- Re: [hybi] Multiple connections serialization and… Simon Pieters