SV: RE : [sysapps/raw socket api]: List of changes to be done based on Madrid session 2013-04-09

Hi Ke-Fong!

Thanks for your mail. I would be very happy for your support as co-editor dealing with the secure transport parts!

I am still in Madrid but back in office next week. So my plan is to edit the updates that we agreed on at the meeting during this week. Then I would propose a CFC for W3C FPWD.

After that I think that the additions for secure transports should be added.

Would this be ok?

Best regards
  Claes


Ke-Fong Lin <ke-fong.lin@4d.com> wrote:


Hi Claes,

[Claes] Yes, setting up a secure transport channel is more complicated. Compare for example with http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html. We have to consider what we need for web system apps. Do you have a tangible proposal for what this would look like in our API?

Not yet, that would require some more thinking: what the different SSL/TLS versions offer, use cases to target, and how to set things up.
If that's ok for you and W3C, I wouldn't mind being a co-editor on this spec and do that. My management should be ok (they want to get more involved with W3C) about that (still I would need to confirm that).

For example, we may look at NodeJS: http://www.nodejs.org/api/tls.html

It's pretty basic but does the work. It has been in production use for at least 2 years and the API didn't change much.
For Wakanda, we implemented a compatible API, with just the client connection part, and it works pretty well (SMTP or POP).
None of our customers requested more.

Also, it's not just about secured TCP, we may also take a look at what Microsoft did for Windows 8 programming using JavaScript:

http://msdn.microsoft.com/en-us/library/windows/apps/windows.networking.sockets.streamsocket.upgradetosslasync.aspx


I've just taken a quick glance and they seemed to have done a solid job. They pretty much implement all the functionalities for both UDP and TCP.

[Claes] There are use cases for secure transport over UDP but I'll investigate that and will come back.

You can always exchange "symmetric" keys using SSL TCP sockets and then use them to encrypt/decrypt (ArrayBuffer of) UDP packets.

[Claes] That means a synchronous method halfClose(). I agree with Jonas that we should add a state "halfclosed". Using a separate attribute to indicate this state seems inconsistent. So the steps executed by the UA when halfClose() is called would be:
* Half close the connection (send FIN) and set the readyState attribute to "halfclosed".

Ok, sold!

Regards,




Ke-Fong Lin
Senior Developer

4D SAS
60, rue d'Alsace
92110 Clichy
France

Standard :
Email :    Ke-Fong.Lin@4d.com
Web :      www.4D.com

Received on Friday, 12 April 2013 07:10:42 UTC