- From: Dragana Damjanovic <dragana.damjano@gmail.com>
- Date: Fri, 19 May 2023 23:07:16 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAG0m4gR36f3yg27Bgp5gWAH=PZdc8oy-M-GeA-XKgzpQ2DLr-g@mail.gmail.com>
Hi, I wrote a draft that proposes adding an extension to WebSockets to negotiate "no-masking". The extension should be used only if intermediaries cannot see unencrypted traffic. In this case, the masking is not needed, and omitting it would reduce needed processing. The proposal has some problems, but I would like to hear the opinion of the group and if people are interested in such a feature. https://www.ietf.org/archive/id/draft-damjanovic-websockets-nomasking-00.html A problem that I have identified with the proposal is that it will require TLS terminating middleboxes to change (they will need to remove the extension from the list), otherwise, servers behind them could wrongly negotiate the extension. This is not optimal. Other approaches I have considered: - making it HTTP/2- and HTTP/3-only feature and negotiating it via settings (In this way it cannot be transfer to unencripted part of a path). This is not ideal. - Creating a new header for the feature and adding it to the “Connection” header in the case of HTTP/1.1 and transferring it as a setting in the case of HTTP/2 and HTTP/3, and - creating a new version of the WebSocket protocol, but the negotiation of a new version is not ideal for this purpose and may have the same problems as my proposal in the draft. Other ideas are welcome. I would like to hear your opinion. Best, Dragana
Received on Friday, 19 May 2023 21:07:34 UTC