IETF Logo Mail Archive

Re: websockets in the IETF, was: [whatwg] New URL Standard from Anne van Kesteren on 2012-09-24 (public-whatwg-archive@w3.org from September 2012)

James M Snell <jasnell@gmail.com> Tue, 23 October 2012 21:32 UTC

Return-Path: <jasnell@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8871E11E8102 for <ietf@ietfa.amsl.com>; Tue, 23 Oct 2012 14:32:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.802
X-Spam-Level:
X-Spam-Status: No, score=-4.802 tagged_above=-999 required=5 tests=[AWL=-1.204, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lpXkePU39cFD for <ietf@ietfa.amsl.com>; Tue, 23 Oct 2012 14:32:14 -0700 (PDT)
Received: from mail-qa0-f51.google.com (mail-qa0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id 819EA11E80DC for <ietf@ietf.org>; Tue, 23 Oct 2012 14:32:14 -0700 (PDT)
Received: by mail-qa0-f51.google.com with SMTP id j40so609366qab.10 for <ietf@ietf.org>; Tue, 23 Oct 2012 14:32:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1FBcYdIIflAHBm959E87HZfLs/3mygOo8Os1iGtEFOE=; b=C7PMNCHHR6P34KZZwKoigZhDZcHPwt1Y1fLPRyHgFLTYtZba/IZD43zazkaiw6oytS Rs0ANlR9N11PECUCYmujaJB6CCuDq3W4jc4GKFH36fTltWQFjG1xCql9y4poeh82CkeD 8CQ2W5aXTEQFDYNDe1oWxdKfyszKPbe5pIiv9kyuOmR1OtTVSuLI/vciHG0tbwL6Tjn0 w8/da3AuNtPRmru55vxZ+08POB6OVfo56Ta5t56nGvKJNFlFJjQkzcYYXCx4BdrTDfKS mQaRAROevT7tK+zR5vVpfuKjuHd6GeTPB6E8bjojUg3AI9kcv73j0gAbxLH8a4HOAJIm Xc8A==
MIME-Version: 1.0
Received: by 10.224.220.146 with SMTP id hy18mr6304582qab.5.1351027933902; Tue, 23 Oct 2012 14:32:13 -0700 (PDT)
Received: by 10.49.81.230 with HTTP; Tue, 23 Oct 2012 14:32:13 -0700 (PDT)
Received: by 10.49.81.230 with HTTP; Tue, 23 Oct 2012 14:32:13 -0700 (PDT)
In-Reply-To: <Pine.LNX.4.64.1210232104200.2471@ps20323.dreamhostps.com>
References: <50604C1A.7090901@gmx.de> <5060A964.5060001@stpeter.im> <Pine.LNX.4.64.1210172354500.2478@ps20323.dreamhostps.com> <507F5A7E.6040206@arcanedomain.com> <50856E3C.103@gmail.com> <Pine.LNX.4.64.1210221753010.2471@ps20323.dreamhostps.com> <0DBC8A11-319C-4120-975E-7E40FD5818BF@gbiv.com> <Pine.LNX.4.64.1210222137530.2471@ps20323.dreamhostps.com> <5085C4BA.2030505@gmx.de> <Pine.LNX.4.64.1210222220510.2471@ps20323.dreamhostps.com> <CABP7RbfgQrgduOzWaXcYieV3cw_=UoBaCC5e=XF+Y3PMEZoRMw@mail.gmail.com> <Pine.LNX.4.64.1210222300490.2471@ps20323.dreamhostps.com> <85CC064C-7592-4249-ACC9-7B55AAC0D7E7@mnot.net> <Pine.LNX.4.64.1210222325540.2471@ps20323.dreamhostps.com> <5DF21D1C-3A60-4E68-9BBF-16B5B69CFF5D@mnot.net> <Pine.LNX.4.64.1210222346590.2471@ps20323.dreamhostps.com> <50869B24.2070109@gmx.de> <Pine.LNX.4.64.1210232104200.2471@ps20323.dreamhostps.com>
Date: Tue, 23 Oct 2012 14:32:13 -0700
Message-ID: <CABP7Rbfk_oT_oXERcYYXfb+=aztWdvNgkfeEdvhKtBBnJbqH5g@mail.gmail.com>
Subject: Re: websockets in the IETF, was: [whatwg] New URL Standard from Anne van Kesteren on 2012-09-24 (public-whatwg-archive@w3.org from September 2012)
From: James M Snell <jasnell@gmail.com>
To: Ian Hickson <ian@hixie.ch>
Content-Type: multipart/alternative; boundary="20cf3074b6e014f77b04ccc0b442"
X-Mailman-Approved-At: Wed, 24 Oct 2012 08:37:10 -0700
Cc: IETF Discussion <ietf@ietf.org>, Noah Mendelsohn <nrm@arcanedomain.com>, "Roy T. Fielding" <fielding@gbiv.com>, Jan Algermissen <jan.algermissen@nordsc.com>, Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, URI <uri@w3.org>, Tim Bray <tbray@textuality.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2012 21:32:15 -0000

It should be quite clear to everyone that the horse is quite dead at this
point. Any further beating is entirely unnecessary. So let's wrap it up
with this: the whatwg's spec language around urls has the potential to
cause confusion among implementers, so please consider reworking that
language to avoid such confusion. Period, end of story.
 On Oct 23, 2012 2:12 PM, "Ian Hickson" <ian@hixie.ch> wrote:

> On Tue, 23 Oct 2012, Julian Reschke wrote:
> > On 2012-10-23 01:59, Ian Hickson wrote:
> > > ...
> > > Whether WebSockets is a good idea or not is besides the point. The
> point
> > > is that the hybi group was not a pleasant experience for me. If I were
> to
> > > be in a position to do Web Sockets again, I would decline the
> opportunity
> > > to do it through the IETF. Doing it through the IETF made the work
> take a
> > > year longer than it would have, made the protocol less secure (the WG
> > > removed a number of defense-in-depth features), and made the spec a
> mess
> > > ...
> >
> > And, as far as I can tell, fixed a security problem in the original
> > design (which caused some UA implementers to actually disable what they
> > were shipping at that time):
> > <http://w2spconf.com/2011/papers/websocket.pdf>
>
> The security issue in question was already fixed in the draft by the time
> that paper came out.
>
>
> > > (it's a mishmash of different editing styles). Plus, the group _still_
> > > hasn't done multiplexing, which some of the vendors said was a prereq
> > > to implementation, something which, prior to the IETF getting
> > > involved, was only 3 to 6 months out on the roadmap. ...
> >
> > Indeed, but then wasn't it you arguing *against* having it in the base
> > spec? (see <
> http://www.ietf.org/mail-archive/web/hybi/current/msg00239.html>)
>
> I was arguing against having it in the first version, which I had planned
> for Q3 2009 IIRC, and was planning on defining it as an extension protocol
> in early 2010 (I even had a strawman ready). The hybi group argued and
> argued and argued and argued and then decided to not have it in the first
> version, which they ended up doing in Q4 2011, and still haven't done the
> extension. So yeah, I stand by my point above.
>
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
>

v2.23.0 | Report a Bug | By Email