Re: [xmpp] Comments on draft-ietf-xmpp-websocket-05

Ben Campbell <> Tue, 22 April 2014 20:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 431CD1A0262 for <>; Tue, 22 Apr 2014 13:51:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.172
X-Spam-Status: No, score=-2.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Q40eA0XwkgCB for <>; Tue, 22 Apr 2014 13:51:44 -0700 (PDT)
Received: from ( [IPv6:2001:470:d:1130::1]) by (Postfix) with ESMTP id 9168B1A0077 for <>; Tue, 22 Apr 2014 13:51:44 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.8/8.14.7) with ESMTP id s3MKpZjS019363 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 22 Apr 2014 15:51:36 -0500 (CDT) (envelope-from
X-Authentication-Warning: Host [] claimed to be []
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Ben Campbell <>
In-Reply-To: <>
Date: Tue, 22 Apr 2014 15:51:35 -0500
X-Mao-Original-Outgoing-Id: 419892695.350925-43d374badfed33404e7fe9e51e6cdc7a
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <>
To: Lance Stout <>
X-Mailer: Apple Mail (2.1874)
Cc: XMPP Working Group <>
Subject: Re: [xmpp] Comments on draft-ietf-xmpp-websocket-05
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 22 Apr 2014 20:51:49 -0000


Thanks for the response. Comments inline. I removed sections that didn't seem to require further comment.

On Apr 21, 2014, at 5:12 PM, Lance Stout <> wrote:

> On Apr 21, 2014, at 2:15 PM, Ben Campbell <> wrote:


>> -- 3.2.2: "...  MUST close the stream with an error, which SHOULD be <invalid-namespace> ..."
>> Why SHOULD and not MUST? Are there reasonable circumstances to choose something else? Can you offer guidance on why one might choose something else, and what impact that would have?
> I was mirroring the language in RFC 6120 Section 4.8.1. The SHOULD there seems to come from some server implementations that used <bad-format /> instead.
> I'd be fine changing this to a MUST, since we're requiring servers to change the stream start header anyway.

I'm okay either way, but if we leave it a SHOULD it would be good to add a note about the reasoning.

>> -- 3.6:
>> Do we have to worry about half-closes situations where the peer does not respond in a timely manner? How about glare?
>> How does the XEP-0198 guidance after the figure interact with the guidance saying the closing party SHOULD close the stream? That would seem to imply one SHOULD NOT keep the stream alive, since that would involve not closing the stream.

(I see you responded to those in a separate email. I will address them there.)


>> -- 3.8:
>> First paragraph says clients can use extra whitespace, but goes onto say you SHOULD use WebSocket ping control frames. Does that mean we are recommending _against_ using the extra whitespace? If so, I'd avoid language saying you "can" do it in the first place, or add some qualification to make it clear those are "standard" XMPP clients and servers, but _WebSocket_ implementations SHOULD do things differently.
> Right. We're mandating in Section 3.3.3 that every WebSocket message begins with "<", which makes using whitespace pings problematic.
>> Are the uses of XMPP Ping or Stream Management for this purpose limited to the connection manager case? If not, does the aforementioned SHOULD also recommend against doing these?
> Using Ping or Stream Management is acceptable in any case, if redundant, as it turns out browsers do not explicitly give developers control over WebSocket pings.
> My recommendation for preferred order of use of pinging mechanisms is:
> 1. Use Stream Management acks to ping (they're smaller and give useful info).
> 2. Use XMPP Ping
> 3. Use WebSocket ping control frames (mostly useful only if you're using WebSocket outside of a browser, such as on the server side of the connection).

Sounds good to me, pending clarifying text. (I wonder if others agree with those priorities?)

>> -- 3.9: " ... enabling TLS SHOULD be done at the WebSocket layer ... "
>> Why not MUST? Can you give guidance about when it might make sense not to do it, and the consequences?
>> Does the possibility of a connection manager change anything?
> Using MUST here does make more sense. TLS SHOULD be used, and if MUST be enabled at the WebSocket layer.

Sounds good. Any thoughts on the connection manager question?