On Tue, 14 Jul 2009, Alex Rousskov wrote: > > If you think your approach is the right one, I would suggest openly > discussing it with the right IETF folks as early as possible, to avoid > wasting your time on an idea they will be blocked later.
WebSocket is being discussed in the hybi IETF list. > HTTP "hard-coding" seems to be a small, albeit critical, part of > WebSocket so changing it to avoid conflicts with HTTP may be possible > without significant negative effects on the rest of the draft. The handshake is a pretty critical part of the security model of the WebSocket protocol. I don't really see how we can continue to have the safe handshake while allowing either the client or the server to send any arbitrary string. WebSocket isn't an HTTP-upgraded protocol; it's just that its handshake happens to be such that it can trick HTTP servers into thinking that it is. In other words, HTTP Upgrade is not the initial handshake mechanism, it just looks like it is if you don't examine it closely. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'