Protocol Action: 'The WebSocket protocol' to Proposed Standard (draft-ietf-hybi-thewebsocketprotocol-17.txt)

The IESG <> Fri, 30 September 2011 15:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3115521F8B08; Fri, 30 Sep 2011 08:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.507
X-Spam-Status: No, score=-102.507 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gSdtZqXOHcGN; Fri, 30 Sep 2011 08:38:51 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 3951721F8BA0; Fri, 30 Sep 2011 08:38:51 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'The WebSocket protocol' to Proposed Standard (draft-ietf-hybi-thewebsocketprotocol-17.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 3.60
Message-ID: <>
Date: Fri, 30 Sep 2011 08:38:51 -0700
Cc: hybi chair <>, hybi mailing list <>, RFC Editor <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Sep 2011 15:38:52 -0000

The IESG has approved the following document:
- 'The WebSocket protocol'
  (draft-ietf-hybi-thewebsocketprotocol-17.txt) as a Proposed Standard

This document is the product of the BiDirectional or Server-Initiated
HTTP Working Group.

The IESG contact persons are Peter Saint-Andre and Pete Resnick.

A URL of this Internet Draft is:

Technical Summary

   The WebSocket protocol enables two-way communication between a 
   client running untrusted code running in a controlled environment to a
   remote host that has opted-in to communications from that code. The
   security model used for this is the Origin-based security model
   commonly used by Web browsers. The protocol consists of an opening
   handshake followed by basic message framing, layered over TCP. The
   goal of this technology is to provide a mechanism for browser-based
   applications that need two-way communication with servers that does
   not rely on opening multiple HTTP connections (e.g. using
   XMLHttpRequest or <iframe>s and long polling).

Working Group Summary

   The discussion within HyBi WG was extremely contentious up to the month
   of December 2010/January 2011, when there was some indication that due
   the lack of a valid way out some participants might have been considering
   the possibility of leaving the IETF process altogether.  The consensus
   around masking as a solution to the security concerns raised at the end
   of 2010, although not everybody's favorite, was the point around which
   the major parties agreed they could live with, and the process began
   moving forward again.  Since then, the process has been more normal for
   an IETF WG, in that not everyone agrees with the declared consensus
   points, but at least there has been a forward movement on a regular basis.

Document Quality

   There are already several implementations of the protocol on different
   WebServers (e.g. Glassfish, Jetty, Apache) a library implementation (e.g.,
   libwebsocket) and from the client side Firefox6 already includes the
   protocol in its last version, Google has announced to include it in a
   future version of Chrome Browser.  Microsoft has announced client and 
   server support in the upcoming Windows release ("Windows 8").

   The following reviewers merit special mention.  Magnus Westerlund 
   reviewed the -07 version on behalf of the TSV Directorate.  Lisa 
   Dusseault, Richard Barnes and Kathleen Moriarty reviewed the -10 
   version on behalf of the Applications Area Review Team, General Area 
   Review Team, and Security Directorate respectively.

RFC Editor Notes

1. Section 1.3





2. Section 14.1


              National Institute of Standards and Technology, "Secure
              Hash Standard", FIPS PUB 180-2, August 2002, <http://


              National Institute of Standards and Technology, "Secure
              Hash Standard", FIPS PUB 180-3, October 2008, <http://