W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Re: [hybi] workability (or otherwise) of HTTP upgrade

From: Dave Cridland <dave@cridland.net>
Date: Tue, 07 Dec 2010 09:42:05 +0000
Message-Id: <3605.1291714925.544875@puncture>
To: Maciej Stachowiak <mjs@apple.com>, Server-Initiated HTTP <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Mark Nottingham <mnot@mnot.net>
On Mon Dec  6 23:27:02 2010, Maciej Stachowiak wrote:
> I'd like to see more detail on the data than is found in the paper,  
> but it seems to show a real-world hazard with use of Upgrade, since  
> many intermediaries do not understand it and at least a few are  
> confused into treating subsequent traffic as additional HTTP  
> requests and responses.

That's a subtle misread of the paper.

The paper shows that many intermediaries treat any traffic as HTTP  
requests and responses until they find a CONNECT, after which they  
treat the traffic as opaque except in a tiny minority of cases (what,  
4 out of 54,000?).

The paper makes no stance on whether Upgrade itself is problematic,  
just whether CONNECT is sufficient to break the intermediaries'  
assumptions.

Hence my suggestion that an ideal solution is to have the initial  
traffic from the client within the websocket appear to be a CONNECT  
(albeit, a deliberately broken one akin to Adam et al's paper).

What this results in is in formal terms, an Upgrade to Websocket  
happens, whereas to a na´ve third party intermediary, there is a GET  
or POST followed by a CONNECT.

No specifications were harmed in the making of this suggestion...

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
Received on Tuesday, 7 December 2010 09:42:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:33 GMT