[whatwg] Web Sockets

Honza Bambas honzab at allpeers.com
Mon Jul 14 14:18:20 PDT 2008


Ian Hickson wrote:
> Many years ago I wrote a draft for how to do full-duplex communication 
> from a Web page. Over the years we've received much feedback on this 
> TCPConnection API. I've now completely rewritten the relevant section and 
> given it a new name, Web Sockets:
>
>    http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#network
>
> If there are any security issues with this proposal, or if it fails to 
> achieve its goals (discussed below), or fails to handle a case you care 
> about, then please don't hesitate to send feedback to the list!
>
>   
I am just concern about the way the protocol is specified. When I read 
the notes it is obvious the communication is actually an HTTP 
communication. Let's say I am a browser  developer. Let's say I have to 
enhance my already fully armed browser with all the support for HTTP 
protocol and proxy/HTTP authentication, cookies, fixed many security 
issues etc. It would be reasonable to use my HTTP implementation and 
build ws/wss client protocol on top of it. Problem is that spec counts 
with exact byte compare but my implementation might possibly change 
headers order or HTTP version (to higher one). This would violate the 
WHATWG spec but the request according to HTTP protocol would still be 
correct.

This might make the implementation (and therefor also adoption) of this 
technology more complicated for browser developers.

Why exactly is in the spec intention to do exact byte-to-byte match? To 
allow very easy implementation using scripts?


Thanks
-hb-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/04e22853/attachment.htm>


More information about the whatwg mailing list