Re: [hybi] New port and Tunneling?

"Shelby Moore" <> Mon, 23 August 2010 12:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 56EA63A6864 for <>; Mon, 23 Aug 2010 05:03:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.239
X-Spam-Status: No, score=-2.239 tagged_above=-999 required=5 tests=[AWL=0.360, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nCCVYW62ZsTp for <>; Mon, 23 Aug 2010 05:03:40 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id D0D5D3A69E3 for <>; Mon, 23 Aug 2010 05:03:39 -0700 (PDT)
Received: (qmail 28364 invoked by uid 65534); 23 Aug 2010 12:04:13 -0000
Received: from ([]) (SquirrelMail authenticated user by with HTTP; Mon, 23 Aug 2010 08:04:13 -0400
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <> <> <2276.1282119618.010687@puncture> <> <>
Date: Mon, 23 Aug 2010 08:04:13 -0400
From: "Shelby Moore" <>
To: "Salvatore Loreto" <>
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: Re: [hybi] New port and Tunneling?
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Aug 2010 12:03:41 -0000

> Hi Shelby,
> this thread has been quite intense (45 mails, quite long mail, in less
> three days)
> as chair I want to clarify that
> - a P2P approach is not in scope of this wg (pleae read the charter and
> check what is really the focus of this wg:
> )

Wasn't the original focus of WhatG (from which this WG derived) about
WebApps? If so, then why are we ignoring 99% of the internet as the
following explains?

P2P peers (clients) are the majority of the internet, by an
order-of-magnitude at least (as compared to HTTP servers).

I understand that W3C WebApps is a forum for the wider scope, but should
why should we roll another thing just for a different port?  The vast
majority of what we are designing here would the same on another port, so
kicking this back up to W3C WebApps, defeats efficiency and optimal
encapsulation principles of design.

> - the HTTP Upgrade handshake has been in the protocol proposal since the
> first version of the spec (before it become a wg item for HyBi wg),
>    this wg has then decided that if the Handshake is based on Upgrade
> and then looks like HTTP, it needs to be HTTP but at same time have to
> take
>    in consideration the security problem higlighted in the discussion.
>    Instead of continuing to discuss theoretically about it, I have asked
> people to provide text for an HTTP Upgrade handshake that reflect the
> decision
>    and the concerns of the wg.
> - a TLS NPN approach as been proposed and several people, in the ml,
> have showed support for it.
>    I have asked Adam to provide text describing/proposing an handshake
> solution using TLS/NPN
>    he has kindly provided it in
> I haven't seen any people in favor of your proposal, if you want still
> push for it then I suggest you
> to write down a design of how your solution would work, with a full and
> complete technical description of the handshake:
> describing what kind of NAT/Firewall you have in mind, how they are
> supposed to interact etc. etc.
> (as Adam has provided for TLS/NPN)
> so that people can eventually read your technical proposal and comment
> on the solution you are proposing.
> You can send the solution in a mail or write down in a draft and submit
> it to the IETF and then advertise it
> in this mailing list and then patiently wait for people to comment it if
> they are interested.
> Note also that this is not the right place to discuss the Security
> issues academically;
> this wg is to discuss and solve Security issues that can be generate
> from technical solutions within the current version of the
> WebSocketProtocol draft
> or from alternative design solutions proposed.
> regards
> /Sal
> --
> Salvatore Loreto
> _______________________________________________
> hybi mailing list