Re: [hybi] Intermediaries and idle connections (was Re: Technical feedback.)

Greg Wilkins <gregw@webtide.com> Sat, 30 January 2010 22:23 UTC

Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5ECB13A67E5 for <hybi@core3.amsl.com>; Sat, 30 Jan 2010 14:23:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.324
X-Spam-Level:
X-Spam-Status: No, score=-2.324 tagged_above=-999 required=5 tests=[AWL=0.275, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1R8smvLIg4a8 for <hybi@core3.amsl.com>; Sat, 30 Jan 2010 14:23:40 -0800 (PST)
Received: from mail-yx0-f194.google.com (mail-yx0-f194.google.com [209.85.210.194]) by core3.amsl.com (Postfix) with ESMTP id 5D44B3A67CF for <hybi@ietf.org>; Sat, 30 Jan 2010 14:23:40 -0800 (PST)
Received: by yxe32 with SMTP id 32so2692511yxe.5 for <hybi@ietf.org>; Sat, 30 Jan 2010 14:24:05 -0800 (PST)
Received: by 10.101.155.13 with SMTP id h13mr2885100ano.220.1264890245215; Sat, 30 Jan 2010 14:24:05 -0800 (PST)
Received: from ?10.10.1.11? (60-242-119-126.tpgi.com.au [60.242.119.126]) by mx.google.com with ESMTPS id 13sm2144806gxk.9.2010.01.30.14.24.02 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 30 Jan 2010 14:24:03 -0800 (PST)
Message-ID: <4B64B179.9050502@webtide.com>
Date: Sun, 31 Jan 2010 09:23:53 +1100
From: Greg Wilkins <gregw@webtide.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Hybi <hybi@ietf.org>
References: <de17d48e1001280012i2657b587i83cda30f50013e6b@mail.gmail.com> <4B620B8F.6030706@gmx.de> <Pine.LNX.4.64.1001282217320.22053@ps20323.dreamhostps.com> <bbeaa26f1001281449q1a6e1813q3f537fe15a5a9d60@mail.gmail.com> <4B625733.2020907@webtide.com> <6.2.5.6.2.20100128225542.06fa8d68@resistor.net> <Pine.LNX.4.64.1001290817520.22020@ps20323.dreamhostps.com> <4B62C5FE.8090904@it.aoyama.ac.jp> <Pine.LNX.4.64.1001291134350.22020@ps20323.dreamhostps.com> <4B62E516.2010003@webtide.com> <5c902b9e1001290756r3f585204h32cacd6e64fbebaa@mail.gmail.com> <4B636757.3040307@webtide.com> <E379EA13-D58A-4BFB-A62D-2B931A54E276@apple.com> <4B63DD6B.5030803@webtide.com> <E765982E-06B5-48BC-B75D-02E3F9555018@apple.com>
In-Reply-To: <E765982E-06B5-48BC-B75D-02E3F9555018@apple.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [hybi] Intermediaries and idle connections (was Re: Technical feedback.)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2010 22:23:41 -0000

Maciej Stachowiak wrote:

>> But for starters... let's make the upgrade request not just look like a HTTP request, let's make it a real HTTP request.  Then intermediaries and servers would be free to add
>> new headers and do funky HTTP stuff without needing to involve the browsers.
> 
> I don't have anything against this suggestion per se, but it doesn't seem to solve either of the problems raised above:

It doesn't solve the problems, but it enables more standard solutions to them.
It also does not break intermediaries and servers just for giggles.

>> Then for the timeout problem, we actually need the same solution for long polling as for websockets.   We need a standard header that expresses the idle timeouts, which can be
>> checked by all intermediaries and either respected or adjusted by them.
> 
> It seems like we need a mechanism for that which is robust in the face of unaware intermediaries. One way I can think of to do that is to encode the information in a hop-by-hop
> header. Unaware intermediaries would (I hope) just drop it, while aware intermediaries could read it and update the information. Thus, you only get a header indicating WebSocket
> awareness if both the origin server (or client) and all intermediaries are aware, and your idle timeout lower bound would be based on the minimum of all participating endpoints
> and intermediaries.
> 
> Some set of headers is defined to be hop-by-hop: <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1>. The Connection header can also be used to cause additional
> headers to be treated as hop-by-hop headers: <http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.10>. One thing I don't know is whether deployed intermediaries respect
> this. Do they respect the fixed list of hop-by-hop headers? Do they treat headers listed in the Connection header field as hop-by-hop?

I think a hop-by-hop header is exactly what is needed, so that any non transparent
proxy would have to explicitly copy the timeout value from input to output.

This would still be an issue for transparent proxies that try to not look like
a hope, but at least the argument could be made that the timeout value is there
in the header so they should at least respect it.

So this header will not initially solve the problem, because of non compliant
intermediaries.   However, together with orderly close, it would allow non compliant
intermediaries to be detected (and new connections with shorter idle timeout
re-established).


>> Ideally there could be some non 101 return codes that could be sent so that a websocket client and a websocket server could have several rounds of negotiation for things like
>> credentials, timeouts and maybe even redirections!
> 
> That might help with the origin server, but does it help with intermediaries? If intermediaries would normally just pass through a 101, then you cannot tell if an intermediary
> would time you out faster than your origin server.

Intermediaries often respond to a request on a servers behalf.  They may need
their own authentication or they may do a redirect themselves.

So in a chain A-B-C,  perhaps A-B will first negotiate in a few exchanges
and then A-C will negotiate before the connection is established.

So websocket needs to define what happens when a upgrade request is
responded to with a 401, 302 etc.

regards