Re: [hybi] Handshake was: The WebSocket protocol issues.

[Maciej Stachowiak <mjs@apple.com>]

On Sep 23, 2010, at 12:06 PM, Greg Wilkins wrote:

> 2010/9/23 Ian Fette (イアンフェッティ) <ifette@google.com>:
>> Greg,
>> I want to point out that I am totally open to replacing the handshake.
>> However, I do think there are a set of requirements that we should meet:
> 
> Ian,
> 
> I never meant to imply that you were not.   You're doing a great job
> and good progress is being made.
> 
> The only thing that I ask is that when we consider all alternative
> proposals that we do not give the current handshake any benefits
> simply due to incumbency that I believe was not obtained with due
> diligence.    We should simply consider all alternatives and pick the
> best.
> 
> 
> So I'll  summarize my ping pong proposal and then discuss the criteria
> you listed below
> 
> + The client handshake should include a random nonce that the client
> generates after the websocket instance has been created
> + The server handshakes with a 101 that indicates acceptance of the
> websocket upgrade.
> + The server then sends as the first message on the connection a ping
> that has a hash of the nonce in its body.
> + The client recieves the 101 response and then the ping request.
> Only after checking the contents of the ping and sending a pong
> response (to ensure the connection is still open) should it call the
> onopen callback of the websocket object
> + The server has a ping timeout running that is cancelled by the
> receipt of the pong. If the pong is not received, the connection is
> terminated.

This proposal does not appear to defend against a cross-protocol attack on a WebSocket server using a browser-hosted HTTP API.

It also appears to add more round trips before actual message sending can begin in either direction.

Regards,
Maciej