Re: [xmpp] See-other-uri and insecure web sockets

Matt Miller <mamille2@cisco.com> Wed, 05 March 2014 10:36 UTC

Date: Wed, 5 Mar 2014 10:36:14 +0000
From: Matt Miller <mamille2@cisco.com>
To: Ben Campbell <ben@nostrum.com>, Peter Saint-Andre <stpeter@stpeter.im>
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/xvh3PaHrtQdRpNlZj-Dp-pTpMKo
Cc: Jonathan Lennox <jonathan@vidyo.com>, "xmpp@ietf.org" <xmpp@ietf.org>
Subject: Re: [xmpp] See-other-uri and insecure web sockets

On 3/5/14, 9:29 AM, Ben Campbell wrote:
> 
> On Mar 5, 2014, at 1:42 AM, Peter Saint-Andre <stpeter@stpeter.im>
> wrote:
> 
>>> 
>>> Well, you need to do *something* if someone tries to connect to
>>> <ws://websocketserver.example/xmpp-bind>, but I guess
>>> responding with 301 or 404 to the HTTP handshake, prior to
>>> protocol handover, would be better than switching to xmpp and
>>> then using see-other-uri.
>> 
>> Yes, I think that's the better approach - the earlier the
>> better.
> 
> Does that mean we don't need see-other-uri at all? 

There are (and will be) cases where a redirect cannot be done until
after the XMPP-over-Websocket handshake is started (well after an HTTP
redirect is possible).

We still need this.


--
- m&m

Matt Miller <mamille2@cisco.com>
Cisco Systems, Inc.
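
Added example, not part of the original message or of any XMPP implementation: a client-side check covering both redirect points discussed in this thread, a 3xx Location during the HTTP handshake and a see-other-uri received after the XMPP-over-WebSocket stream is open. It assumes the <close/> framing element and namespace as later published in RFC 7395 and refuses any target that lowers transport security; the function names and the a.example/b.example hostnames are made up for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Framing namespace of the <close/> element, as published in RFC 7395.
FRAMING_NS = "urn:ietf:params:xml:ns:xmpp-framing"
# Transport security rank per scheme; http/https cover a redirect to BOSH.
RANK = {"ws": 0, "http": 0, "wss": 1, "https": 1}


def see_other_uri(frame):
    """Return the see-other-uri of a <close/> framing element, else None."""
    if "<!DOCTYPE" in frame:  # XMPP forbids DTDs; never hand one to the parser
        return None
    try:
        element = ET.fromstring(frame)
    except ET.ParseError:
        return None
    if element.tag != "{%s}close" % FRAMING_NS:
        return None  # same local name in another namespace is not a redirect
    return element.get("see-other-uri")


def may_follow(current_uri, target_uri):
    """Policy for any redirect: a 3xx Location or a see-other-uri."""
    try:
        current, target = urlsplit(current_uri), urlsplit(target_uri)
    except ValueError:
        return False
    if target.scheme not in RANK or not target.hostname:
        return False  # unknown scheme or no host
    # An unknown current scheme is ranked as secure, so it cannot be downgraded.
    return RANK[target.scheme] >= RANK.get(current.scheme, 1)


def handle_frame(current_uri, frame):
    """Return the URI to reconnect to, or None when there is nothing to follow."""
    target = see_other_uri(frame)
    if target is None or not may_follow(current_uri, target):
        return None
    return target


# Constructed sample frames; the hostnames are placeholders.
UPGRADE = '<close xmlns="%s" see-other-uri="wss://b.example/xmpp-bind"/>' % FRAMING_NS
DOWNGRADE = '<close xmlns="%s" see-other-uri="ws://b.example/xmpp-bind"/>' % FRAMING_NS
PLAIN_CLOSE = '<close xmlns="%s"/>' % FRAMING_NS
```
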