Re: [hybi] Technical feedback. was: Process!

Greg Wilkins <gregw@webtide.com> Sun, 31 January 2010 00:40 UTC

Maciej Stachowiak wrote:
> If you are embedding untrusted third party code on your site without doing anything to restrict what it can do, then you have much bigger problems than excessive WebSocket connections.

Exactly - which is why connection limits should be enforced by the browser and not the application.

>> Voluntary resource restriction just does not work.
> 
> I think the main limiting factor on use of excess connections is simply that many of the likely use cases would not actually benefit from using more connections (as described in other parts of my previous email).

I still don't think it is a good idea to enable browsers to be the perfect
platform for launching denial of service attacks on any server/port.


regards