Re: Ben Campbell's Yes on draft-ietf-httpbis-h2-websockets-06: (with COMMENT)

On Thu, Jun 7, 2018 at 5:01 PM, Ben Campbell <ben@nostrum.com> wrote:

> > On Jun 7, 2018, at 3:13 AM, Patrick McManus <pmcmanus@mozilla.com> wrote:
> >
> > Hi Ben, thanks for the review -
> >
> >
> > On Wed, Jun 6, 2018 at 9:36 PM, Ben Campbell <ben@nostrum.com> wrote:
> >
> > Substantive:
> > §5: Is the scheme pseudo-header expected to match the security status of the
> > existing connection?
> >
> >
> > 7540 indicates the security requirements for carrying https or http
> > schemes, which conveniently are the schemes used by this draft.
> >
>
> Okay, let me check my understanding here.
>
> If I want to set up a tunnel for “wss”, :scheme must be https, and that’s
> only possible if the connection for the stream is running over TLS.


right

> And you are also disallowed to set up a tunnel for “ws” if the stream is
> running over a connection set up for HTTPS?
>

ws uses the http :scheme, and the rules for doing that with TLS and h2 are
set by RFC 8164 if a client really wants to. In most cases though they will
just continue to use http/1 as that's what's normal for http:// resources.



> > The draft doesn't require that you use the connection that the markup
> > was received on - though that's obviously desirable when possible.
>
> I’m a bit confused by that statement. I understand this mechanism to
> upgrade an existing stream to WebSocket. How would you do that on a
> different connection?
>
>
The term upgrade is a bit confusing, but it is inherited from 6455.
Everything needs to start with http(s) and then be turned into (i.e.
upgraded into) websockets. You can do that with a new http connection. (the
term upgrade comes from the h1 request header named upgrade to this in an
h1 context)

Received on Sunday, 10 June 2018 23:51:02 UTC
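
The scheme rules discussed in this thread, as an added example that is not part of the original messages or the draft: a client-side mapping from a ws/wss URI to the extended CONNECT pseudo-headers, and a server-side check that `:scheme` fits the security status of the connection. The function names and the `allow_rfc8164` flag are hypothetical, and the URIs in the comments are constructed.

```python
from urllib.parse import urlsplit

# ws/wss are carried with the http/https :scheme values, as stated in the thread.
WS_TO_HTTP_SCHEME = {"ws": "http", "wss": "https"}


def connect_headers(ws_uri):
    """Build the pseudo-headers of an extended CONNECT request for a ws(s) URI."""
    parts = urlsplit(ws_uri)
    scheme = WS_TO_HTTP_SCHEME.get(parts.scheme.lower())
    # Reject other schemes, missing hosts, and userinfo (not valid in :authority).
    if scheme is None or not parts.hostname or "@" in parts.netloc:
        raise ValueError("not a usable ws:// or wss:// URI: %r" % ws_uri)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return [
        (":method", "CONNECT"),
        (":protocol", "websocket"),
        (":scheme", scheme),
        (":path", path),
        (":authority", parts.netloc),
    ]


def scheme_allowed(headers, conn_is_tls, allow_rfc8164=False):
    """Server-side check: does :scheme match the connection's security status?

    https is only acceptable on a TLS connection. http on a TLS connection is
    acceptable only when the deployment has opted in to RFC 8164, modelled
    here by the hypothetical allow_rfc8164 flag. Anything else is refused.
    """
    scheme = dict(headers).get(":scheme")
    if scheme == "https":
        return conn_is_tls
    if scheme == "http":
        return (not conn_is_tls) or allow_rfc8164
    return False


if __name__ == "__main__":
    # Constructed sample URIs, checked against a TLS connection.
    for uri in ("wss://chat.example/room?id=7", "ws://chat.example/room"):
        hdrs = connect_headers(uri)
        print(uri, dict(hdrs)[":scheme"], scheme_allowed(hdrs, conn_is_tls=True))
```
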