Re: [hybi] Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard

David Endicott <dendicott@gmail.com> Fri, 22 July 2011 13:39 UTC

Return-Path: <dendicott@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A2521F89A1; Fri, 22 Jul 2011 06:39:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.572
X-Spam-Level:
X-Spam-Status: No, score=-3.572 tagged_above=-999 required=5 tests=[AWL=0.026, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3jWhak6rv5tX; Fri, 22 Jul 2011 06:39:55 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 7417621F89B8; Fri, 22 Jul 2011 06:39:55 -0700 (PDT)
Received: by wyj26 with SMTP id 26so1734185wyj.31 for <multiple recipients>; Fri, 22 Jul 2011 06:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xYBLA/SIP9nqRan8Hzjo1Um9ANmWy9q5Li7FKqzp1gg=; b=mLlEbIFAOxdN8vRLQhs1O41iMoEw9IuBDvoZhNRh8C3QxzYtPBzqv+Vd2WiByGOTQC 6HQMPTtL9s5uK8EEQR75hoLDQh5QIHOswaILUpeeZ+2G52ZNmmAL1PT+aZ3CP9aGqsz3 dOgr4yYy2ogesHHyo8o5K7nrqIw+m78LbXwNg=
MIME-Version: 1.0
Received: by 10.216.79.74 with SMTP id h52mr1473558wee.33.1311341994460; Fri, 22 Jul 2011 06:39:54 -0700 (PDT)
Received: by 10.216.39.197 with HTTP; Fri, 22 Jul 2011 06:39:53 -0700 (PDT)
In-Reply-To: <9031.1311328519.488604@puncture>
References: <20110711140229.17432.23519.idtracker@ietfa.amsl.com> <CALiegfk0zVVRBbOP4ugsVXKmcLnryujP6DZqF6Bu_dC2C3PpeQ@mail.gmail.com> <9031.1311082001.631622@puncture> <CALiegfk_GLAhAf=yEe6hYw2bwtxEwg9aJN+f0Bm9he5QgsRavA@mail.gmail.com> <CAP992=Ft6NwG+rbcuWUP0npwVNHY_znHmXmznBQO_krMo3RT6g@mail.gmail.com> <CALiegfmTWMP3GhS1-k2aoHHXkUkB+eWqV=2+BufuWVR1s2Z-EA@mail.gmail.com> <20110721163910.GA16854@1wt.eu> <CAP992=FrX5VxP2o0JLNoJs8nXXba7wbZ6RN9wBUYC0ZSN_wbAg@mail.gmail.com> <9031.1311270000.588511@puncture> <CALiegf=pYzybvc7WB2QfPg6FKrhLxgzHuP-DpuuMfZYJV6Z7FQ@mail.gmail.com> <CAP992=FJymFPKcPVWrF-LkcEtNUz=Kt9L_ex+kLtjiGjL1T46w@mail.gmail.com> <4E28A51F.4020704@callenish.com> <9031.1311286867.939466@puncture> <4E28BA9D.6010501@callenish.com> <CAP992=GedTEfimykCWwdwm=BsZdwFRJO36EO0a_o7iejURJ+tQ@mail.gmail.com> <9031.1311328519.488604@puncture>
Date: Fri, 22 Jul 2011 09:39:53 -0400
Message-ID: <CAP992=GuGMB7e=skLnW=gjQU0rnbh2BD2A_bRyy3Fkrphmj=VQ@mail.gmail.com>
Subject: Re: [hybi] Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard
From: David Endicott <dendicott@gmail.com>
To: Dave Cridland <dave@cridland.net>
Content-Type: multipart/alternative; boundary="000e0cd342b6c245a504a8a899d0"
X-Mailman-Approved-At: Sat, 23 Jul 2011 09:42:33 -0700
Cc: Server-Initiated HTTP <hybi@ietf.org>, IETF-Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2011 13:39:56 -0000

Good to know, thank you.

On Fri, Jul 22, 2011 at 5:55 AM, Dave Cridland <dave@cridland.net> wrote:

> On Fri Jul 22 03:24:41 2011, David Endicott wrote:
>
>> there are added inefficiencies.   Also the name resolution of the HTTP
>> that
>> serves the Javascript that opens the WS should remain constant.   If WS
>> resolves the host/domain to a different address than the HTTP it was
>> spawned
>> from, it becomes a method to bypass same-origin / CORS restrictions.
>>
>
> That's an unfortunate misunderstanding.
>
> All protocols that use SRV records maintain the target domain.
>
> So a ws://example.com/xyz would still send a Host header of "example.com",
> whether SRV or not, so there is no impact on same origin policy, CORS, etc.
>
>
> Dave.
> --
> Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
>  - acap://acap.dave.cridland.net/**byowner/user/dwd/bookmarks/<http://acap.dave.cridland.net/byowner/user/dwd/bookmarks/>
>  - http://dave.cridland.net/
> Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
>