- From: 陈智昌 <willchan@chromium.org>
- Date: Wed, 24 Oct 2012 12:10:30 -0700
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Message-ID: <CAA4WUYj+yjt1KX9ZBJcooE_82+VKx2G-Ww1HiocY7RzBy5=Z6g@mail.gmail.com>
On Tue, Oct 23, 2012 at 9:51 PM, Mark Nottingham <mnot@mnot.net> wrote: > > On 24/10/2012, at 3:12 PM, William Chan (陈智昌) <willchan@chromium.org> > wrote: > >> > >>>> Who's willing to do some experimentation? Specifically, does anyone > have access to the code that was used before (IIRC, people bought some ads > and inserted some Java to probe the network)? > >>> > >>> Do you mean the Chromium HTTP upgrade experiment agl referred to in > >>> http://www.ietf.org/mail-archive/web/tls/current/msg05593.html? > >> > >> No, IIRC there was also some broader experimentation using ads; I'll > dig around a bit more. > >> > >> Of course, if Chrome (or any other browser) would be interested in > running an experiment, we'd love to do that too -- provided we can have > input into the design. > > > > Is there anything you'd like to change about the design in > > http://www.ietf.org/mail-archive/web/tls/current/msg05593.html? I'm in > > general supportive of running experiments, I just don't want to waste > > our time unless there was something deficient about the previous > > experiment. > > Could you dig up the exact bytes-on-the-wire handshake that was used? > Er, I'm not an expert here, but here's the experiment http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/net/websocket_experiment/websocket_experiment_runner.cc?view=markup&pathrev=63020and the handshake code ( http://src.chromium.org/viewvc/chrome/trunk/src/net/websockets/websocket_handshake.cc?view=markup&pathrev=63020 ). > > > > Also, I suspect a non-Google experiment would carry more > > weight :) External validation is good. > > Agreed. > > > > On that point, at Realtime Conf today, Arnout Kazemier provided a > > bunch of data on issues with WebSockets deployment. > > https://speakerdeck.com/3rdeden/realtimeconf-dot-oct-dot-2012. As he > > says "tl;dl: Always use SSL". > > > Thanks. > > I'd like to validate an assumption that has been discussed in-person in a > meeting (forget which one) but IIRC not yet on-list. > > It's that if we can design an upgrade that fails fast and reliably for > HTTP URLs, it's acceptable for there to be a (say) 70% success rate > initially, with the idea that it will rise over time -- perhaps slowly, in > terms of browser releases, but relatively quickly, in terms of the lifetime > of HTTP. > > Can we (everyone) agree upon that? > Not trying to derail the thread, but <mumble>TLS</mumble> :) > > WRT WebSockets, keep in mind that the proxy/firewall/virus scanning > vendors have had less than a year since it became an RFC, for a protocol > that has (relatively) unproven demand and hard-to-nail-down semantics. > > I suspect that HTTP2, once we finish, will be get more priority from them; > the demand is already proven, and the semantics of the protocol are easier > to fit into their existing threat models, etc. This is probably true, but I just wanted to point out that vendor support != actual deployments. > > Cheers, > > -- > Mark Nottingham http://www.mnot.net/ > > > >
Received on Wednesday, 24 October 2012 19:10:58 UTC