Ian Hickson wrote:
Many years ago I wrote a draft for how to do full-duplex communication
from a Web page. Over the years we've received much feedback on this
TCPConnection API. I've now completely rewritten the relevant section and
given it a new name, Web Sockets:
http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#network
If there are any security issues with this proposal, or if it fails to
achieve its goals (discussed below), or fails to handle a case you care
about, then please don't hesitate to send feedback to the list!
I am just concern about the way the protocol is specified. When I read
the notes it is obvious the communication is actually an HTTP
communication. Let's say I am a browser developer. Let's say I have to
enhance my already fully armed browser with all the support for HTTP
protocol and proxy/HTTP authentication, cookies, fixed many security
issues etc. It would be reasonable to use my HTTP implementation and
build ws/wss client protocol on top of it. Problem is that spec counts
with exact byte compare but my implementation might possibly change
headers order or HTTP version (to higher one). This would violate the
WHATWG spec but the request according to HTTP protocol would still be
correct.
This might make the implementation (and therefor also adoption) of this
technology more complicated for browser developers.
Why exactly is in the spec intention to do exact byte-to-byte match? To
allow very easy implementation using scripts?
Thanks
-hb-
