[hybi] minutes vers.2: HyBi meeting at IETF81

Salvatore Loreto <salvatore.loreto@ericsson.com> Tue, 02 August 2011 10:51 UTC

Return-Path: <salvatore.loreto@ericsson.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3AF1321F8EEE for <hybi@ietfa.amsl.com>; Tue, 2 Aug 2011 03:51:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.284
X-Spam-Status: No, score=-106.284 tagged_above=-999 required=5 tests=[AWL=-0.285, BAYES_00=-2.599, J_CHICKENPOX_55=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Dmz0hxsqxJ0K for <hybi@ietfa.amsl.com>; Tue, 2 Aug 2011 03:51:51 -0700 (PDT)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net []) by ietfa.amsl.com (Postfix) with ESMTP id E551421F8ED0 for <hybi@ietf.org>; Tue, 2 Aug 2011 03:51:49 -0700 (PDT)
X-AuditID: c1b4fb3d-b7c17ae00000262e-f6-4e37d6cdfba3
Received: from esessmw0237.eemea.ericsson.se (Unknown_Domain []) by mailgw10.se.ericsson.net (Symantec Mail Security) with SMTP id 50.B6.09774.DC6D73E4; Tue, 2 Aug 2011 12:51:57 +0200 (CEST)
Received: from mail.lmf.ericsson.se ( by esessmw0237.eemea.ericsson.se ( with Microsoft SMTP Server id; Tue, 2 Aug 2011 12:51:57 +0200
Received: from nomadiclab.lmf.ericsson.se (nomadiclab.lmf.ericsson.se []) by mail.lmf.ericsson.se (Postfix) with ESMTP id 4FC942461 for <hybi@ietf.org>; Tue, 2 Aug 2011 13:51:57 +0300 (EEST)
Received: from nomadiclab.lmf.ericsson.se (localhost []) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id 1650D51240 for <hybi@ietf.org>; Tue, 2 Aug 2011 13:51:57 +0300 (EEST)
Received: from n211.nomadiclab.com (localhost []) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id B0AD251001 for <hybi@ietf.org>; Tue, 2 Aug 2011 13:51:56 +0300 (EEST)
Message-ID: <4E37D6CC.6030006@ericsson.com>
Date: Tue, 02 Aug 2011 13:51:56 +0300
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: hybi@ietf.org
References: <4E36DC50.6000005@ericsson.com>
In-Reply-To: <4E36DC50.6000005@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV using ClamSMTP
X-Brightmail-Tracker: AAAAAA==
Subject: [hybi] minutes vers.2: HyBi meeting at IETF81
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2011 10:51:52 -0000

Hi there,

here the version 2 of the minutes from HyBi meeting at IETF81.

thanks to Peter and Willy to highlight the mistake/unclarity related to DNS-SRV decision.

Please review the minutes and send any correction to the chairs by
Monday August 25th,
as the "proceeding submission cutoff" is Friday August 29th.

Special thank to Li Kepeng and Gabriel Montenegro to collect the notes during the meetings.


Salvatore Loreto

HyBi note from the meeting

   Thursday, July 26th, 2011
   17:40 - 19:40 Afternoon Session II
   Note Taker : Li Kepeng, Gabriel Montenegro

Slides at https://datatracker.ietf.org/meeting/81/materials.html#wg-hybi

Administrative/Agenda bash                                (Chairs - 10m)

Salvatore: almost time to start to work on a test suites

Greg thinks his draft has some wrong ideas, better to restart from scratch

Thread initiated on the subject here: 

Test suite proposal here: 

status and other business about the finalization of the main spec       
(Alexey Melnikov  - 80m)

*Major Issues*:

- Remove deflate-stream from the base spec            --Agreed

- Use DNS SRV as part of the base spec                    --Consensus to 
exclude DNS SRV from the base spec
Richard barnes: agree
Sal: we have spent a lot of time on being compliant with the existing 

- Add ability to add max frame size announcement       --Agreed

-Richard Barnes to help with security review and wording in sec 
     Add HSTS, CSP, etc

 From jabber: kepeng_li\40jabber.org: please capture an action item for 
the chairs/editors to ask for double-checking of the URI schemes by the 
uri-review discussion list

-Server "failing a websocket connection" and server dropping without 
telling the reason to the client

     -Two cases: either during the handshake or after it  (once the 
connection is established)

     -Mechanisms exist, add clarification to the text

     -Editorial issue

-Version in upgrade token? No.

     -Not required

     - Mark N ok with not doing this

- X-namespace? No resolution yet.

     -the issue will be discussed on the HyBi mailing list

     -Perhaps. This is gaining steam in app-related discussions and the 
IESG will probably be looking out for this issue.

     -[Side discussion afterwards: check with appswg, and if this is 
gaining ground, we can go with it.]

- Language tagging: optional tag NOT to be added.

     -Just clarify "MUST NOT be shown to users" and avoid tagging altogether

- Major.minor version? ok

     -No minor

     -Just clarify that major ver change: no backward compat

- Cookies

     -Just remove mention of cookies, let HTTP stand

     -[action item: editors to double-check other text that may be 
affected by the removal of any mention of cookies.]

- Reconnection logic -  OK

     -add some randomization to avoid synchronization

     -Ian: treat this as two separate cases: fail at connect (e.g., 
server overload) vs fail after connect

- GET method? OK

     -Richard Barnes: seems like a handshake could be devised to not 
have masking

     -Again rathole on masking

     -We'll leave it as is

- Masking: ok

     -but better description to avoid future ratholes and confusion

- Large frames or messages and DoS security considerations

     -Document potential issues and mitigations
         §  Frame size announcement to be added
         §  Option for either side to terminate at any time

     -Need not be all buffered, could be a handle to a stream

     -API issue

- Origin vs sec-websocket-origin, why both?

     -Need to double-check with Adam Barth

     -CoRS-like pre-flight check also being done?

     -"contact the server" to be clarified

- Error code ranges:

     -4 or so currently

     -Have only 2?

     -Ian: Having more code ranges reduces probability of collisions

     -Alexey: weak argument

     -Ian: perhaps but it being imperfect still allows it to be useful

     -Resolution: reduce number to 2 (or 3)

- HTTP allows both token and quoted-string  (Julian Reschke)

     -Ian: No need for quoted-string

         §  If want quoted-string, also suggest text

     -Julian Reschke: let's take this to the mailing list

- The rest of the issues are minor or editorial or there is no change to 
be done.

extensions and other options :                            (Ian Fette - 20m)

-Good support for both Frame compression and multiplex

-Timeout also mentioned, some support.
Kepeng Li: it is useful for the request to indicate the request-timeout 
and connection-timeout

Open Discussion                                            (All - 10m)