On Thu, Jun 7, 2018 at 5:01 PM, Ben Campbell <ben@nostrum.com> wrote: > > > > On Jun 7, 2018, at 3:13 AM, Patrick McManus <pmcmanus@mozilla.com> > wrote: > > > > Hi Ben, thanks for the review - > > > > > > On Wed, Jun 6, 2018 at 9:36 PM, Ben Campbell <ben@nostrum.com> wrote: > > > > Substantive: > > §5: Is the scheme pseudo-header expected to match the security status of > the > > existing connection? > > > > > > 7540 indicates the security requirements for carrying https or http > schemes, which conveniently are the schemes used by this draft. > > > > Okay, let me check my understanding here. > > If I want to setup a tunnel for “wss” , :scheme must be https, and that’s > only possible if the connection for the stream is running over TLS. right And you are also disallowed to setup a tunnel for “ws” if the stream is > running over a connection setup for HTTPS? > > ws uses the http :scheme, and the rules for doing that with TLS and h2 are set by RFC 8164 if a client really wants to. In most cases though they will just continue to use http/1 as that's what's normal for http:// resources. > > The draft doesn't require that you use the connection that the markup > was received on - though that's obviously desirable when possible. > > I’m a bit confused by that statement. I understand this mechanism to > upgrade an existing stream to WebSocket. How would you do that on a > different connection? > > The term upgrade is a bit confusing, but it is inherited from 6455. Everything needs to start with http(s) and then be turned into (i.e. upgraded into) websockets. You can do that with a new http connection. (the term upgrade comes from the h1 request header named upgrade to this in an h1 context)
Received on Sunday, 10 June 2018 23:51:02 UTC