Re: [xmpp] See-other-uri and insecure web sockets

Peter Saint-Andre <stpeter@stpeter.im> Wed, 05 March 2014 09:39 UTC

On 3/5/14, 9:29 AM, Ben Campbell wrote:
>
> On Mar 5, 2014, at 1:42 AM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
>
>>>
>>> Well, you need to do *something* if someone tries to connect to <ws://websocketserver.example/xmpp-bind>, but I guess responding with 301 or 404 to the HTTP handshake, prior to protocol handover, would be better than switching to xmpp and then using see-other-uri.
>>
>> Yes, I think that's the better approach - the earlier the better.
>
> Does that mean we don't need see-other-uri at all?

No, it means that if the client tries to go to an http or ws URI, it is 
best for the service to redirect to an https or wss URI using standard 
HTTP methods, not XMPP methods. We still need the see-other-uri for more 
advanced scenarios in the XMPP context - typically, telling the client 
about an alternative or fallback WebSocket endpoint, just like 
see-other-host from RFC 6120 but for WebSocket endpoints instead of TCP 
endpoints.

Peter
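
The handshake-level handling discussed in this message, as an added example that is not part of the original message or of any XMPP server's code: a ws:// request for the XMPP subprotocol is answered with 301 before protocol handover, and only a TLS-protected request gets the 101 upgrade. The SECURE_ORIGIN value and the function names are assumptions made for the illustration.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455
# Assumption: the secure endpoint lives on the same host as the ws:// URI quoted
# in the thread. Configured, not taken from the Host header, so the redirect
# target cannot be steered by the request.
SECURE_ORIGIN = "wss://websocketserver.example"

# Constructed sample handshake (key is the RFC 6455 example nonce).
SAMPLE = (b"GET /xmpp-bind HTTP/1.1\r\nHost: websocketserver.example\r\n"
          b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
          b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
          b"Sec-WebSocket-Protocol: xmpp\r\nSec-WebSocket-Version: 13\r\n\r\n")


def parse_handshake(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def respond(raw: bytes, over_tls: bool) -> bytes:
    """Answer the HTTP handshake; no XMPP framing is exchanged on cleartext."""
    try:
        method, path, headers = parse_handshake(raw)
    except ValueError:
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    offered = [p.strip() for p in headers.get("sec-websocket-protocol", "").split(",")]
    if (method != "GET" or not path.startswith("/") or "xmpp" not in offered
            or headers.get("upgrade", "").lower() != "websocket"
            or "sec-websocket-key" not in headers):
        return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
    if not over_tls:
        # ws:// request: redirect with plain HTTP, before protocol handover.
        return (f"HTTP/1.1 301 Moved Permanently\r\nLocation: {SECURE_ORIGIN}{path}\r\n"
                "Content-Length: 0\r\nConnection: close\r\n\r\n").encode()
    digest = hashlib.sha1((headers["sec-websocket-key"] + WS_GUID).encode()).digest()
    accept = base64.b64encode(digest).decode()
    return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nSec-WebSocket-Accept: {accept}\r\n"
            "Sec-WebSocket-Protocol: xmpp\r\n\r\n").encode()
```

The path check rejects request targets that do not start with "/", so a target such as "@other.example/" cannot turn the Location value into a redirect to another host.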