On Tue, 14 Jul 2009, Alex Rousskov wrote:
>
> If you think your approach is the right one, I would suggest openly
> discussing it with the right IETF folks as early as possible, to avoid
> wasting your time on an idea they will be blocked later.
WebSocket is being discussed in the hybi IETF list.
> HTTP "hard-coding" seems to be a small, albeit critical, part of
> WebSocket so changing it to avoid conflicts with HTTP may be possible
> without significant negative effects on the rest of the draft.
The handshake is a pretty critical part of the security model of the
WebSocket protocol. I don't really see how we can continue to have the
safe handshake while allowing either the client or the server to send any
arbitrary string.
WebSocket isn't an HTTP-upgraded protocol; it's just that its handshake
happens to be such that it can trick HTTP servers into thinking that it
is. In other words, HTTP Upgrade is not the initial handshake mechanism,
it just looks like it is if you don't examine it closely.
-- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'Received on Wed Jul 15 2009 - 00:01:10 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 15 2009 - 12:00:05 MDT