IETF Logo Mail Archive

Re: [hybi] It's time to ship

Willy Tarreau <w@1wt.eu> Sun, 09 January 2011 23:00 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 810253A6835 for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 15:00:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.084
X-Spam-Level:
X-Spam-Status: No, score=-2.084 tagged_above=-999 required=5 tests=[AWL=-0.041, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LCvLVGudHlNE for <hybi@core3.amsl.com>; Sun, 9 Jan 2011 15:00:19 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 91E8D3A67D4 for <hybi@ietf.org>; Sun, 9 Jan 2011 15:00:18 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id p09N2TMf010193; Mon, 10 Jan 2011 00:02:29 +0100
Date: Mon, 10 Jan 2011 00:02:29 +0100
From: Willy Tarreau <w@1wt.eu>
To: Adam Barth <ietf@adambarth.com>
Message-ID: <20110109230229.GX5743@1wt.eu>
References: <AANLkTim2VGfH2FiJ4iH85wYiuXNKQ1Arh1C1Kg4M58Fs@mail.gmail.com> <20110109224228.GU5743@1wt.eu> <AANLkTimE-qOhYXO35nBqRWp9ipF-pk_CsO-YrotAjYqX@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <AANLkTimE-qOhYXO35nBqRWp9ipF-pk_CsO-YrotAjYqX@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] It's time to ship
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jan 2011 23:00:20 -0000

On Sun, Jan 09, 2011 at 02:49:10PM -0800, Adam Barth wrote:
> On Sun, Jan 9, 2011 at 2:42 PM, Willy Tarreau <w@1wt.eu> wrote:
> > On Sun, Jan 09, 2011 at 02:21:44PM -0800, Adam Barth wrote:
> >> Gentle people of hybi,
> >>
> >> There's been a lot of good discussion in this working group gathering
> >> consensus around the data framing and the handshake.  At some point we
> >> need to declare victory and ship the protocol, otherwise proprietary
> >> solutions will continue to eat our lunch.
> >>
> >> I've written up a more formal version of Pat's proposal based on the
> >> recent straw poll and subsequent discussion.  This protocol is by no
> >> means perfect, but it's good enough:
> >>
> >> http://www.ietf.org/id/draft-abarth-thewebsocketprotocol-01.txt
> >
> > It would help a lot other WG participants if you could present suggestions,
> > ideas and changes instead of a full proposal. It's hard to spot the proposed
> > changes.
> 
> We've had plenty of suggestions, ideas, and changes.  It's time to ship.

Yesterday, Sal said that there were a number of points to discuss yet, why
this sudden hurry ?

> > At first glance, I'm noticing a few things :
> >
> >  - you're using the OPTIONS method. The WG's consensus was voted as using
> >    GET. While technically working, OPTIONS limits some possibilities since
> >    no path is sent to the server.
> 
> Be that as it may.  OPTIONS is good enough.

But on what basis are you trying to change what was adopted as a consensus ?
I mean, I *know* that OPTIONS can evict more broken intermediaries than GET,
but the participants here have been working on the GET hypothesis with its
capabilities. Noone has had the opportunity to talk about their expectations
and the implications such a change would have for them.

> >  - your proposal involves AES-128-CTR. As was discussed here, it seems there
> >    are still export regulations for certain countries eventhough they're
> >    apparently fading out. It could still be a problem for companies who want
> >    to export products to some countries and which never had to put crypto in
> >    them.
> 
> Frankly, the export restriction issue is a bunch of BS.  AES-128-CTR
> is good enough.

Good enough for what purpose precisely ? HTTP Upgrade is good enough for
Websocket without even any form of masking. Masking was added to address
specific issues that aren't precisely quantified.

> >  - several people on the list asked for the ability to be able to disable
> >    the masking in some well-controlled environments (eg: server-to-server
> >    communications). I see no provisions for this.
> 
> The protocol is good enough without this added flexibility.  If we
> find this is really important, we can add this ability in a future
> version of the protocol.

No, it will be too late because it will never be possible to mix masked
and non-masked frames later since there will be no way to distinguish them.

> >  - it has not yet been stated whether only the payload or also the framing
> >    should be masked. Your proposal masks both, which means that it definitely
> >    blocks any possibility of performing multiplexing later. There does not
> >    appear to have been a consensus in this area yet.
> 
> The protocol is good enough without this added flexibility.  If we
> find this is really important, we can add this ability in a future
> version of the protocol.

Adam, please I can understand that you're in a hurry, but you have
copy-pasted exactly the same response as to the question above. I would
have found it more polite to respond later when you have more time.

> >  - is was suggested that some (all ?) of the nonces could go away if masking
> >    is used. Surely this is something that needs to be rechecked.
> 
> I have checked this issue.  Each nonce in the protocol serves a
> specific purpose and is valuable.

Then would you please take care of explaining them to us in this context
when you have more time ?

> >  - Greg proposed to replace the MORE bit with a FIN bit so that the first
> >    hello frame from the server starts with a high bit set, thus ensuring
> >    that we can break the connection on non-HTTP compliant intermediaries
> >    which would expect a second response after the 101.
> 
> The protocol is good enough without this change.  The masking has us
> covered here.

No, I'm talking about the ability to ensure that a non-compliant intermediary
will fail early instead of remaining stuck waiting for the server to talk.
That once one of Hixie's major concerns and one of the reasons for the Hello
frames suggestion.

Regards,
Willy

v2.23.0 | Report a Bug | By Email