Re: [hybi] Fwd: [apps-discuss] Review of draft-ietf-hybi-thewebsocketprotocol for apps-review

Willy Tarreau <w@1wt.eu> Thu, 21 July 2011 13:23 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8C1F21F891D for <hybi@ietfa.amsl.com>; Thu, 21 Jul 2011 06:23:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.629
X-Spam-Level:
X-Spam-Status: No, score=-5.629 tagged_above=-999 required=5 tests=[AWL=-3.886, BAYES_00=-2.599, HELO_IS_SMALL6=0.556, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V7PMu1kaX3u8 for <hybi@ietfa.amsl.com>; Thu, 21 Jul 2011 06:23:31 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by ietfa.amsl.com (Postfix) with ESMTP id F015221F87A4 for <hybi@ietf.org>; Thu, 21 Jul 2011 06:23:29 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p6LDNQM6016254; Thu, 21 Jul 2011 15:23:26 +0200
Date: Thu, 21 Jul 2011 15:23:26 +0200
From: Willy Tarreau <w@1wt.eu>
To: =?iso-8859-1?Q?I=F1aki?= Baz Castillo <ibc@aliax.net>
Message-ID: <20110721132326.GA16218@1wt.eu>
References: <4E281977.8090103@stpeter.im> <CALiegfnD79B052Y3P=SoNM9OQ0h_iTCB+8qroBtLHQgXL=oPFA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CALiegfnD79B052Y3P=SoNM9OQ0h_iTCB+8qroBtLHQgXL=oPFA@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Fwd: [apps-discuss] Review of draft-ietf-hybi-thewebsocketprotocol for apps-review
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2011 13:23:32 -0000

On Thu, Jul 21, 2011 at 03:00:00PM +0200, Iñaki Baz Castillo wrote:
> 2011/7/21 Peter Saint-Andre <stpeter@stpeter.im>im>:
> > The more substantive issue: I'm left unclear as to whether cookies are
> > really expected to be used, or how the client might know that it needs
> > to use cookies or else the application will not work. In many Web sites,
> > the site will not work if cookies are not used by the client, and this
> > is sufficiently rare that it's OK. Is that OK for a Websockets app? How
> > will the user know how to fix the problem? Since Websockets can't as
> > easily reply with a Web page to explain how to enable cookies, it would
> > be good to be more clear on this.
> 
> And this clearly shows the lack of specification for any
> authentication mechanism in WebSocket. It seems that someone though
> "perhaps Cookies are good solution" and just added that to the spec
> without describing it. Too much vague for a protocol specification
> IMHO.

Cookies are not only used for authentication. They're used for persistence
and QoS too.

Willy