<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Still I do not believe it should have a specific protocol. If a<br>
protocol is decided on, and it is allowed to connect to any IP-address<br>
- then DDOS attacks can still be performed: If one million web<br>
browsers connect to any port on a single server, it does not matter<br>
which protocol the client tries to communicate with. The server will<br>
still have problems.<br>
</blockquote></div><br>Aren't there and identical set of objections to the cross-domain access-control header? Or microsofts XDR object? Even without Websocket, browsers will be making fully cross-domain requests, and the only question left is how exactly to implement the security in the protocol. That said, there's no additional harm in allowing WebSocket to establish cross-domain connections, but there are many benefits.<br>
<br>-Michael Carter<br>