Re: [hybi] Websocket: two protocols into one, and Internet rules broken
Iñaki Baz Castillo <ibc@aliax.net> Thu, 16 June 2011 14:09 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46C2311E8129 for <hybi@ietfa.amsl.com>; Thu, 16 Jun 2011 07:09:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.665
X-Spam-Level:
X-Spam-Status: No, score=-2.665 tagged_above=-999 required=5 tests=[AWL=0.012, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sL0Y7rbEyBya for <hybi@ietfa.amsl.com>; Thu, 16 Jun 2011 07:09:40 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by ietfa.amsl.com (Postfix) with ESMTP id 8F11311E810F for <hybi@ietf.org>; Thu, 16 Jun 2011 07:09:40 -0700 (PDT)
Received: by qyk29 with SMTP id 29so280919qyk.10 for <hybi@ietf.org>; Thu, 16 Jun 2011 07:09:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.90.83 with SMTP id h19mr714831qcm.268.1308233379935; Thu, 16 Jun 2011 07:09:39 -0700 (PDT)
Received: by 10.229.230.129 with HTTP; Thu, 16 Jun 2011 07:09:39 -0700 (PDT)
In-Reply-To: <4DFA08A5.3010608@weelya.com>
References: <BANLkTim4pKwx6wYC3WwXFWET+gx0bnjigQ@mail.gmail.com> <4DFA08A5.3010608@weelya.com>
Date: Thu, 16 Jun 2011 16:09:39 +0200
Message-ID: <BANLkTi=JGeFmkYcwqQJ_xe=3CGrXwHxHPg@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: Anthony Catel <a.catel@weelya.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: hybi@ietf.org
Subject: Re: [hybi] Websocket: two protocols into one, and Internet rules broken
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 14:09:41 -0000
2011/6/16 Anthony Catel <a.catel@weelya.com>: > "101 Switching Protocols > The server understands and is willing to comply with the client's request, > via the Upgrade message header field (section 14.42), for a change in the > application protocol being used on this connection. The server will switch > protocols to those defined by the response's Upgrade header field > immediately after the empty line which terminates the 101 response. > The protocol SHOULD be switched only when it is advantageous to do so. For > example, switching to a newer version of HTTP is advantageous over older > versions, and switching to a real-time, synchronous protocol might be > advantageous when delivering resources that use such features." > > HTTP doesn't define that a binary protocol should not be used. It also > doesn't define that "swithing protocols" means "must switch between > different HTTP version". Ok, RFC 2616 said that 21 years ago. That does not mean that it's suitable. For me is just a vague specification that nobody cared too much in 1999. > > Now let's imagine we want web browsers to become real SIP or XMPP > > clients (I don't mean SIP or XMPP over WebSocket). Do you expect that > > the browser will first open a TCP connection, then send an HTTP > > "handshake" and then switch same TCP stream to speak SIP or XMPP? and > > all this stuff just because "HTTP is the only protocol in the world"? > > Ok, but how do you handle origin security? By writting a SIP extension? And > thus for every new protocol you want to handle? Security would be handled at SIP or XMPP level. I dont' understand the problem. If a web browser becomes a real SIP or XMPP client it could handle authentication as stated for SIP/XMPP and prompt the human user when required (as when a web server replies 401). > Browsers were designed to speak HTTP. IMHO, if you break this rule, it > leaves the doors wide open to any kind of crazy stuff. Web-browsers must also speak DNS protocol (directly or indirectly, it does not matter). If a new protocol is standarized for web browsers, which is the problem? what about Flash or Java applets? they can open TCP/UDP connections from the webbrowser to make usage of any other protocol. Is it a risk? of course, so let's do standards and mandate security mechanims. But that has nothing to do with "just use HTTP". Note that web browsers were originally designed to speak HTTP and render HTML pages. But now everybody wants IM, video, audio and whatever through a web browser. There is no need to implement all these new requeriments on top of HTTP. Maybe HTTP is not a good protocol for that! there are other protocols. Also, take into account that, after the handshake WebSocket is no longer HTTP, so it *is* a different protocol. It doesn't matter what browsers were originally designed to. -- Iñaki Baz Castillo <ibc@aliax.net>
- Re: [hybi] Websocket: two protocols into one, and… Anthony Catel
- [hybi] Websocket: two protocols into one, and Int… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Anthony Catel
- Re: [hybi] Websocket: two protocols into one, and… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Willy Tarreau
- Re: [hybi] Websocket: two protocols into one, and… Anthony Catel
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Ian Fette (イアンフェッティ)
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Ian Fette (イアンフェッティ)
- Re: [hybi] Websocket: two protocols into one, and… Willy Tarreau
- Re: [hybi] Websocket: two protocols into one, and… Philipp Serafin
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Joel Martin
- Re: [hybi] Websocket: two protocols into one, and… Iñaki Baz Castillo
- Re: [hybi] Websocket: two protocols into one, and… Ian Fette (イアンフェッティ)
- Re: [hybi] Websocket: two protocols into one, and… Dave Cridland