> Still I do not believe it should have a specific protocol. If a > protocol is decided on, and it is allowed to connect to any IP-address > - then DDOS attacks can still be performed: If one million web > browsers connect to any port on a single server, it does not matter > which protocol the client tries to communicate with. The server will > still have problems. >
Aren't there and identical set of objections to the cross-domain access-control header? Or microsofts XDR object? Even without Websocket, browsers will be making fully cross-domain requests, and the only question left is how exactly to implement the security in the protocol. That said, there's no additional harm in allowing WebSocket to establish cross-domain connections, but there are many benefits. -Michael Carter