- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 23 Oct 2012 15:27:00 +0200
- To: Ian Hickson <ian@hixie.ch>
- CC: Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, Jan Algermissen <jan.algermissen@nordsc.com>, Tim Bray <tbray@textuality.com>, "Roy T. Fielding" <fielding@gbiv.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>, Noah Mendelsohn <nrm@arcanedomain.com>, URI <uri@w3.org>, IETF Discussion <ietf@ietf.org>
On 2012-10-23 01:59, Ian Hickson wrote: > ... > Whether WebSockets is a good idea or not is besides the point. The point > is that the hybi group was not a pleasant experience for me. If I were to > be in a position to do Web Sockets again, I would decline the opportunity > to do it through the IETF. Doing it through the IETF made the work take a > year longer than it would have, made the protocol less secure (the WG > removed a number of defense-in-depth features), and made the spec a mess > ... And, as far as I can tell, fixed a security problem in the original design (which caused some UA implementers to actually disable what they were shipping at that time): <http://w2spconf.com/2011/papers/websocket.pdf> > (it's a mishmash of different editing styles). Plus, the group _still_ > hasn't done multiplexing, which some of the vendors said was a prereq to > implementation, something which, prior to the IETF getting involved, was > only 3 to 6 months out on the roadmap. > ... Indeed, but then wasn't it you arguing *against* having it in the base spec? (see <http://www.ietf.org/mail-archive/web/hybi/current/msg00239.html>) Best regards, Julian
Received on Tuesday, 23 October 2012 13:27:46 UTC