IETF Logo Mail Archive

Re: [hybi] Handshake was: The WebSocket protocol issues.

Willy Tarreau <w@1wt.eu> Fri, 24 September 2010 15:31 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4ED03A6AFA for <hybi@core3.amsl.com>; Fri, 24 Sep 2010 08:31:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.788
X-Spam-Level:
X-Spam-Status: No, score=-2.788 tagged_above=-999 required=5 tests=[AWL=-0.745, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kpcig0CNhV38 for <hybi@core3.amsl.com>; Fri, 24 Sep 2010 08:31:08 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id B7CD83A6AA3 for <hybi@ietf.org>; Fri, 24 Sep 2010 08:31:04 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o8OFVMWo032044; Fri, 24 Sep 2010 17:31:22 +0200
Date: Fri, 24 Sep 2010 17:31:22 +0200
From: Willy Tarreau <w@1wt.eu>
To: Alexander Voronin <alexander.voronin@gmail.com>
Message-ID: <20100924153122.GC28314@1wt.eu>
References: <AANLkTikszM0pVE-0dpZ2kv=i=y5yzS2ekeyZxtz9N=fQ@mail.gmail.com> <AANLkTikczXMx9XSY4jGaVwh5LndRTTLg==+LPj=JmiGk@mail.gmail.com> <AANLkTi=_TYM1vZrZYBoSu+8j9WrSXfaZ42EMRmnF3rnz@mail.gmail.com> <AANLkTi=gqCD=ymNawDYnpRommm2CesrBFqC-eDCpuFvG@mail.gmail.com> <AANLkTikKgvO28yKrE3X7FrAnssFFkrogwWbYo6pJEsJC@mail.gmail.com> <20100924145816.GB28314@1wt.eu> <AANLkTimYMc+YvUd0bBmWtdSTC0S5Gm34cSE0c26e5RMg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTimYMc+YvUd0bBmWtdSTC0S5Gm34cSE0c26e5RMg@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] Handshake was: The WebSocket protocol issues.
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 15:31:09 -0000

On Fri, Sep 24, 2010 at 06:08:31PM +0300, Alexander Voronin wrote:
> Let's see whats happen when we using WebSocket:
> 1. JavaScript creates socket
> 
> 
> var webSocket = new WebSocket('ws://localhost/echo');
> 
> 
> 2. Browser here can't send any kind of data, but just handshaking
> 
> GET /echo HTTP/1.1
> Upgrade: WebSocket
> Connection: Upgrade
> Host: example.com
> Origin: http://example.com
> WebSocket-Protocol: sample

Current version of the draft implies that the browser also sends 8 bytes
after that. And if we do things badly, the handshake could require sending
more bytes, thus becoming more dangerous. 

> ---
> 
> HTTP/1.1 101 Web Socket Protocol Handshake
> Upgrade: WebSocket
> Connection: Upgrade
> WebSocket-Origin: http://example.com
> WebSocket-Location: ws://example.com/demo
> WebSocket-Protocol <http://example.com/demoWebSocket-Protocol>: sample
>
> 3. Just now after browser GOT 101 and correct handshake data we can sand
> some data

We all agree about that, but as several people have indicated, this minimal
handshake requires two round trips because it still does not validate the
fact that the whole chain can exchange data in both directions. That's why
there are thoughts about improving from that point.

Regards,
Willy

v2.23.0 | Report a Bug | By Email