IETF Logo Mail Archive

Re: [hybi] Technical feedback. was: Process!

Greg Wilkins <gregw@webtide.com> Sat, 30 January 2010 22:35 UTC

Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3EDAA3A67B6 for <hybi@core3.amsl.com>; Sat, 30 Jan 2010 14:35:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.345
X-Spam-Level:
X-Spam-Status: No, score=-2.345 tagged_above=-999 required=5 tests=[AWL=0.254, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nOzpeUtySgS for <hybi@core3.amsl.com>; Sat, 30 Jan 2010 14:35:13 -0800 (PST)
Received: from mail-yw0-f173.google.com (mail-yw0-f173.google.com [209.85.211.173]) by core3.amsl.com (Postfix) with ESMTP id 333E83A6782 for <hybi@ietf.org>; Sat, 30 Jan 2010 14:35:12 -0800 (PST)
Received: by ywh3 with SMTP id 3so449167ywh.22 for <hybi@ietf.org>; Sat, 30 Jan 2010 14:35:37 -0800 (PST)
Received: by 10.101.157.21 with SMTP id j21mr3127178ano.16.1264890937334; Sat, 30 Jan 2010 14:35:37 -0800 (PST)
Received: from ?10.10.1.11? (60-242-119-126.tpgi.com.au [60.242.119.126]) by mx.google.com with ESMTPS id 13sm2149872gxk.9.2010.01.30.14.35.34 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 30 Jan 2010 14:35:36 -0800 (PST)
Message-ID: <4B64B42D.5090007@webtide.com>
Date: Sun, 31 Jan 2010 09:35:25 +1100
From: Greg Wilkins <gregw@webtide.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Maciej Stachowiak <mjs@apple.com>, Hybi <hybi@ietf.org>
References: <de17d48e1001280012i2657b587i83cda30f50013e6b@mail.gmail.com> <6.2.5.6.2.20100128225542.06fa8d68@resistor.net> <Pine.LNX.4.64.1001290817520.22020@ps20323.dreamhostps.com> <4B62C5FE.8090904@it.aoyama.ac.jp> <Pine.LNX.4.64.1001291134350.22020@ps20323.dreamhostps.com> <4B62E516.2010003@webtide.com> <5c902b9e1001290756r3f585204h32cacd6e64fbebaa@mail.gmail.com> <4B636757.3040307@webtide.com> <BBF3CE06-3276-4A7C-8961-7B3DDEE406D0@apple.com> <4B63DC2D.4090702@webtide.com> <5c902b9e1001292325p423d7e82o9478441893e34523@mail.gmail.com> <DF402A25-D858-4E56-811D-464C85226800@apple.com>
In-Reply-To: <DF402A25-D858-4E56-811D-464C85226800@apple.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [hybi] Technical feedback. was: Process!
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2010 22:35:14 -0000

Maciej Stachowiak wrote:
> On Jan 29, 2010, at 11:25 PM, Justin Erenkrantz wrote:
> 
>> On Fri, Jan 29, 2010 at 11:13 PM, Greg Wilkins <gregw@webtide.com> wrote:
>>> Note that there are uses for this protocol beyond javascript in browsers. Improvements in the protocol should not have to wait for improvements in just the js API.
>> Agreed - the motivating factors on my end for an async protocol have applications in mind that look nothing like browsers.  (Autonomous agents is probably the shortest
>> description that gets you in the ballpark.)
> 
> The problem here isn't lack of protocol support for binary frames (as far as I can tell), it's the fact that they are unsupported in the proposed WebSocket client API for
> browsers. Am I misunderstanding? I see a full definition of binary protocol frames in <http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-68>.
> 
> So, unless I'm misunderstanding, you can send binary frames to your heart's delight if you are not relying on JavaScript code running in a browser. Eventually you'll be able to
> do this from JavaScript too, once we have worked out how to manage binary data.
> 
> The only issue with the protocol here is that there are two kinds of framing. But that's not a limitation on the ability to use binary data in non-browser clients, nor is it a
> cause or effect of limitations in the client API. It seems like a matter of judgment whether it's better to have two kinds of framing are one. The SPDY team concluded that it's
> best for performance to use length-encoded framing for everything, which makes me wonder if that lesson applies to the WebSocket protocol as well.

Correct, we can send binary frames now is we wish and consenting endpoints can handle them.

The issues with this are:

  + Why have two framing techniques when binary is sufficient to carry everything.

  + Who controls allocation of the frame type byte?  So far every suggestion of usage
    for that (eg a bit to indicate that the frame contains meta-data headers) has been
    rejected.   So are binary users simply to pick their own bytes and hope for no
    collisions?   Will IANA eventually allocate values?   is 7 bits enough?

  + Sentinel framing is unsafe.   It relies on the fact that there
    are no 0 bytes in the utf-8 strings that are passed to it.   Strangely enough,
    users can't be trusted to always provide valid utf-8 data, so if user data is
    not validated then sentinel encoding allows frame injection attacks.
    After all we have learnt with HTTP, it seams silly to repeat the mistake
    of a protocol that is exposed to such attacks

  + the utf-8 Sentinel framing is inflexible.  It sends only raw utf-8.
    What if I want to send gzipped utf-8, or utf-16 etc.     This could simply be
    handled with  a content encoding header in the upgrade request and use of
    binary framing.


regards

v2.23.0 | Report a Bug | By Email