The WebSocket Protocol as a Transport for the Message Session Relay Protocol (MSRP)
draft-pd-dispatch-msrp-websocket-15
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2016-09-21
|
15 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2016-09-15
|
15 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2016-08-24
|
15 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2016-08-18
|
15 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2016-08-17
|
15 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2016-08-17
|
15 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2016-08-17
|
15 | (System) | IANA Action state changed to In Progress |
2016-08-16
|
15 | (System) | RFC Editor state changed to EDIT |
2016-08-16
|
15 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2016-08-16
|
15 | (System) | Announcement was received by RFC Editor |
2016-08-16
|
15 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2016-08-16
|
15 | Cindy Morgan | IESG has approved the document |
2016-08-16
|
15 | Cindy Morgan | Closed "Approve" ballot |
2016-08-16
|
15 | Cindy Morgan | Ballot approval text was generated |
2016-08-15
|
15 | Ben Campbell | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2016-08-15
|
15 | Gonzalo Salgueiro | New version available: draft-pd-dispatch-msrp-websocket-15.txt |
2016-08-09
|
14 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2016-08-09
|
14 | Ram R | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2016-08-09
|
14 | Ram R | New version available: draft-pd-dispatch-msrp-websocket-14.txt |
2016-08-04
|
13 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2016-08-04
|
13 | Stephen Farrell | [Ballot comment] The first part of this was a DISCUSS that Ben answered. Thanks for making TLS a MUST-use in section 10. However, that makes … [Ballot comment] The first part of this was a DISCUSS that Ben answered. Thanks for making TLS a MUST-use in section 10. However, that makes me wonder why it's ever ok to not use TLS on the other side of the MSRP relay. I assume that's down to deployments that can't ensure TLS on both sides but that then raises some questions for me that I didn't see answered in the document, so I'd like to briefly check/chat-about those... (and also to ask if you can up the ante as well:-) (1) When both sides of the MSRP relay do want TLS, but the MSRP-relay-as-TLS-client fails to setup the "righthand" (referring to the draft's diagrams) TLS session, say because of a bad cert, what does the browser see? (That may be entirely obvious to someone who knows MSRP and need no change in the draft, but it wasn't clear to me.) (2) If the "righthand" MSRP session is not protected with TLS, then is that fully under the control of the client/browser? IOW, how does the browser/client express a desire that it really really wants TLS on both sides or else to fail? I think that's down to using msrps URIs but am not sure. Again that might be clear to anyone who knows MSRP but I don't:-) Can you clarify? (3) The answer is probably "no" but would it be feasible to say that a client for this MUST only use msrps: URIs? If it were feasible, that'd be good I think. If it's not feaasible, that's a pity, but I'm not asking that you add pretend statements about security we won't get;-) From here on was not a discuss. - I also agree with Alissa's comment about the m= line and am glad to see that change was accepted. - 5.3.1: Why is there no option for TLS client auth here? If you allow cookies, then I don't see why you say nothing about that. - section 7: I don't get why you want/need CORS here - can you explain? (Not sure if something needs stating in the document, but as-is, it's unclear to me.) - 8.1.2 and elsewhere: It'd have been fine to only say once that MRSP doesn't allow line folding:-) - section 9: Thanks! Great to see that. - section 10: Thanks for saying that TLS MUST be used between client/browser and MSRP relay. That's a bit buried down here though - I think it'd have been good to say that at the top of the document too. (I got the wrong initial impression that you were allowing cleartext between the client/browser and MSRP relay from the start of the document.) - section 10: Do you need to add a security consideration saying that the MSRP relay can see the plaintext and that the client/browser shouldn't indicate e2e security to the user? - section 10: Wouldn't it be a good idea to add a statement that TLS as used here ought follow BCP195? (RFC7525) |
2016-08-04
|
13 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2016-08-04
|
13 | Stephen Farrell | [Ballot discuss] Thanks for making TLS a MUST-use in section 10. However, that makes me wonder why it's ever ok to not use TLS on … [Ballot discuss] Thanks for making TLS a MUST-use in section 10. However, that makes me wonder why it's ever ok to not use TLS on the other side of the MSRP relay. I assume that's down to deployments that can't ensure TLS on both sides but that then raises some questions for me that I didn't see answered in the document, so I'd like to briefly check/chat-about those... (and also to ask if you can up the ante as well:-) (1) When both sides of the MSRP relay do want TLS, but the MSRP-relay-as-TLS-client fails to setup the "righthand" (referring to the draft's diagrams) TLS session, say because of a bad cert, what does the browser see? (That may be entirely obvious to someone who knows MSRP and need no change in the draft, but it wasn't clear to me.) (2) If the "righthand" MSRP session is not protected with TLS, then is that fully under the control of the client/browser? IOW, how does the browser/client express a desire that it really really wants TLS on both sides or else to fail? I think that's down to using msrps URIs but am not sure. Again that might be clear to anyone who knows MSRP but I don't:-) Can you clarify? (3) The answer is probably "no" but would it be feasible to say that a client for this MUST only use msrps: URIs? If it were feasible, that'd be good I think. If it's not feaasible, that's a pity, but I'm not asking that you add pretend statements about security we won't get;-) |
2016-08-04
|
13 | Stephen Farrell | [Ballot comment] - I also agree with Alissa's comment about the m= line and am glad to see that change was accepted. - 5.3.1: Why … [Ballot comment] - I also agree with Alissa's comment about the m= line and am glad to see that change was accepted. - 5.3.1: Why is there no option for TLS client auth here? If you allow cookies, then I don't see why you say nothing about that. - section 7: I don't get why you want/need CORS here - can you explain? (Not sure if something needs stating in the document, but as-is, it's unclear to me.) - 8.1.2 and elsewhere: It'd have been fine to only say once that MRSP doesn't allow line folding:-) - section 9: Thanks! Great to see that. - section 10: Thanks for saying that TLS MUST be used between client/browser and MSRP relay. That's a bit buried down here though - I think it'd have been good to say that at the top of the document too. (I got the wrong initial impression that you were allowing cleartext between the client/browser and MSRP relay from the start of the document.) - section 10: Do you need to add a security consideration saying that the MSRP relay can see the plaintext and that the client/browser shouldn't indicate e2e security to the user? - section 10: Wouldn't it be a good idea to add a statement that TLS as used here ought follow BCP195? (RFC7525) |
2016-08-04
|
13 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2016-08-04
|
13 | Alexey Melnikov | [Ballot comment] In Section 10, last para: Any security considerations specific to the WebSocket protocol are detailed in the relevant specifications ([RFC6455 … [Ballot comment] In Section 10, last para: Any security considerations specific to the WebSocket protocol are detailed in the relevant specifications ([RFC6455] and [RFC4975]) and are considered outside the scope of this document. The certificate name matching and cryptosuite selection will be handled by the browser, and the browser's procedures will supercede those specified in [RFC4975]. Certificate name matching is described by RFC 6455, so the above text is not accurate. (The point about certificate matching from [RFC4975] not being used is correct though.) |
2016-08-04
|
13 | Alexey Melnikov | [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from No Record |
2016-08-04
|
13 | Joel Jaeggli | [Ballot comment] Fred Baker performed the opsdir review. |
2016-08-04
|
13 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2016-08-03
|
13 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2016-08-03
|
13 | Kathleen Moriarty | [Ballot comment] I see you've addressed Alissa & Mirja's comments, thanks for that. I also agree with Alexey's, but can't find the discussion, so I … [Ballot comment] I see you've addressed Alissa & Mirja's comments, thanks for that. I also agree with Alexey's, but can't find the discussion, so I am not sure mail went out on it. |
2016-08-03
|
13 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2016-08-03
|
13 | Spencer Dawkins | [Ballot comment] I agree with Alissa and Mirja on TCP/MSRP. |
2016-08-03
|
13 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2016-08-03
|
13 | Alexey Melnikov | [Ballot comment] In Section 10, last para: Any security considerations specific to the WebSocket protocol are detailed in the relevant specifications ([RFC6455 … [Ballot comment] In Section 10, last para: Any security considerations specific to the WebSocket protocol are detailed in the relevant specifications ([RFC6455] and [RFC4975]) and are considered outside the scope of this document. The certificate name matching and cryptosuite selection will be handled by the browser, and the browser's procedures will supercede those specified in [RFC4975]. Certificate name matching is described by RFC 6455, so the above text is not accurate. (The point about certificate matching from [RFC4975] not being used is correct.) |
2016-08-03
|
13 | Alexey Melnikov | Ballot comment text updated for Alexey Melnikov |
2016-08-03
|
13 | Mirja Kühlewind | [Ballot comment] Nits/minor questions: 1) Please spell out MSRP at the first occurance in the 2. paragraph in the intro and give a reference s/MSRP/MSRP … [Ballot comment] Nits/minor questions: 1) Please spell out MSRP at the first occurance in the 2. paragraph in the intro and give a reference s/MSRP/MSRP (Message Session Relay Protocol) [RFC4975]/ 2) In section 4.2 the following sentence is not fully clear to me: "The content of text frames MUST be interpreted as binary by WebSocket Clients and Servers." Wouldn't that break if the content of the text frame is actually UTF-8? Wouldn't it be better to ignor text frames? 3) Section 8.2.3 has a copy/paste error: Last transaction should be "F4 200 OK Alice -> a.example.com (transport WSS)" (and not " F4 200 OK Bob -> a.example.com (transport TLS)") 4) Inline with Alissa's comment: These two statement seem to contradict each other: "it is acceptable for an MSRP WebSocket Client to specify the "TCP/MSRP" or "TCP/TLS/MSRP" protocols in the SDP m-line" (section 5.2.2) and "MSRP traffic transported over WebSockets MUST be protected by using a secure WebSocket connection (using TLS [RFC5246] over TCP)." (section 10) |
2016-08-03
|
13 | Mirja Kühlewind | Ballot comment text updated for Mirja Kühlewind |
2016-08-03
|
13 | Mirja Kühlewind | [Ballot comment] Nits/minor questions: 1) Please spell out MSRP at the first occurance in the 2. paragraph in the intro and give a reference s/MSRP/MSRP … [Ballot comment] Nits/minor questions: 1) Please spell out MSRP at the first occurance in the 2. paragraph in the intro and give a reference s/MSRP/MSRP (Message Session Relay Protocol) [RFC4975]/ 2) In section 4.2 the following sentence is not fully clear to me: "The content of text frames MUST be interpreted as binary by WebSocket Clients and Servers." Wouldn't that break if the content of the text frame is actually UTF-8? Wouldn't it be better to ignor text frames? 3) Section 8.2.3 has a copy/paste error: Last transaction should be "F4 200 OK Alice -> a.example.com (transport WSS)" (and not " F4 200 OK Bob -> a.example.com (transport TLS)") 4) Inline with Alissa's comment: These two statement seem to contradict each other: "it is acceptable for an MSRP WebSocket Client to specify the "TCP/MSRP" or "TCP/TLS/MSRP" protocols in the SDP m-line" (section 5.2.2) and "MSRP traffic transported over WebSockets MUST be protected by using a secure WebSocket connection (using TLS [RFC5246] over TCP)." (section 10) |
2016-08-03
|
13 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2016-08-02
|
13 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2016-08-02
|
13 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2016-08-02
|
13 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2016-08-02
|
13 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2016-08-02
|
13 | Alissa Cooper | [Ballot comment] I see in 5.2.2 that it is acceptable for clients to specify "TCP/MSRP" in an SDP m-line. But then in Section 10 there … [Ballot comment] I see in 5.2.2 that it is acceptable for clients to specify "TCP/MSRP" in an SDP m-line. But then in Section 10 there is the requirement for MSRP-over-websocket traffic to be protected by TLS, and RFC 4976 requires the same for all client-relay communications. What is the use case where a client would signal TCP/MSRP in an m-line while also indicating use of a websocket relay? I'm having trouble understanding why the option to specify TCP/MSRP is needed. |
2016-08-02
|
13 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2016-08-01
|
13 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2016-07-26
|
13 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2016-07-25
|
13 | Ben Campbell | Placed on agenda for telechat - 2016-08-04 |
2016-07-25
|
13 | Ben Campbell | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2016-07-25
|
13 | Ben Campbell | Ballot has been issued |
2016-07-25
|
13 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2016-07-25
|
13 | Ben Campbell | Created "Approve" ballot |
2016-07-25
|
13 | Ben Campbell | Ballot approval text was generated |
2016-07-20
|
13 | Ram R | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2016-07-20
|
13 | Ram R | New version available: draft-pd-dispatch-msrp-websocket-13.txt |
2016-07-11
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Issues. Reviewer: Fred Baker. |
2016-07-08
|
12 | Ben Campbell | Changed consensus to Yes from Unknown |
2016-07-08
|
12 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2016-07-06
|
12 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Donald Eastlake. |
2016-07-05
|
12 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2016-07-05
|
12 | Sabrina Tanamal | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-pd-dispatch-msrp-websocket-12.txt. If any part of this review is inaccurate, please let us know. IANA … (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-pd-dispatch-msrp-websocket-12.txt. If any part of this review is inaccurate, please let us know. IANA understands that, upon approval of this document, there is a single action which IANA must complete. In the WebSocket Subprotocol Name Registry in the WebSocket Protocol Registries located at: https://www.iana.org/assignments/websocket/ a single new subprotocol name will be registered as follows: Subprotocol Identifier: msrp Subprotocol Common Name: WebSocket Transport for MSRP (Message Session Relay Protocol) Subprotocol Definition: [ RFC-to-be ] Reference: [ RFC-to-be ] IANA understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Thank you, Sabrina Tanamal IANA Specialist ICANN |
2016-06-17
|
12 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Donald Eastlake |
2016-06-17
|
12 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Donald Eastlake |
2016-06-16
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2016-06-16
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2016-06-13
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Fred Baker |
2016-06-13
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Fred Baker |
2016-06-10
|
12 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2016-06-10
|
12 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: ben@nostrum.com, draft-pd-dispatch-msrp-websocket@ietf.org, mary.ietf.barnes@gmail.com Reply-To: ietf@ietf.org Sender: Subject: Last Call: … The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: ben@nostrum.com, draft-pd-dispatch-msrp-websocket@ietf.org, mary.ietf.barnes@gmail.com Reply-To: ietf@ietf.org Sender: Subject: Last Call: (The WebSocket Protocol as a Transport for the Message Session Relay Protocol (MSRP)) to Proposed Standard The IESG has received a request from an individual submitter to consider the following document: - 'The WebSocket Protocol as a Transport for the Message Session Relay Protocol (MSRP)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-07-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The WebSocket protocol enables two-way real-time communication between clients and servers in situations where direct access to TCP and UDP are not available (for example, from within Javascript in a web browser). This document specifies a new WebSocket sub-protocol as a reliable transport mechanism between MSRP (Message Session Relay Protocol) clients and relays to enable usage of MSRP in new scenarios. This document normatively updates RFC 4975 and RFC 4976. The file can be obtained via https://datatracker.ietf.org/doc/draft-pd-dispatch-msrp-websocket/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-pd-dispatch-msrp-websocket/ballot/ No IPR declarations have been submitted directly on this I-D. |
2016-06-10
|
12 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2016-06-10
|
12 | Ben Campbell | Here is my AD evaluation of draft-pd-dispatch-msrp-websocket-12. Nothing here need block the IETF Last Call. -1, last paragraph: Consider citing RFC4976 for "MSRP relay". (I … Here is my AD evaluation of draft-pd-dispatch-msrp-websocket-12. Nothing here need block the IETF Last Call. -1, last paragraph: Consider citing RFC4976 for "MSRP relay". (I also suggest citations to 4975 and 4976 when you talk about "normal" clients and relays. -5.1, first paragraph: "...messages MUST be routed via an MSRP WebSocket Server" This seems more a statement of fact than a normative requirement. That is, it is an implication of the fact that websocket clients cannot directly connect to other websocket clients. Please consider removing the upper-case MUST. 5.3.1. 4th paragraph (1st after numbered list): s/event/even - General: IDNits emits the following: -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at http://trustee.ietf.org/license-info for more information.) . Is any part of the document that old? I suspect this is due to the update of 4975 and 4976. Do you incorporate substantial text or examples from those RFCs? If not, I'm not sure we need the disclaimer. (I vaguely recall discussing this before, but maybe that was for a different MSRP related draft.) |
2016-06-10
|
12 | Ben Campbell | Last call was requested |
2016-06-10
|
12 | Ben Campbell | Last call announcement was generated |
2016-06-10
|
12 | Ben Campbell | Last call was requested |
2016-06-10
|
12 | Ben Campbell | Last call announcement was generated |
2016-06-10
|
12 | Ben Campbell | IESG state changed to Last Call Requested from AD Evaluation |
2016-06-10
|
12 | Ben Campbell | Ballot writeup was changed |
2016-06-10
|
12 | Ben Campbell | Ballot writeup was changed |
2016-06-10
|
12 | Ben Campbell | Ballot writeup was generated |
2016-06-10
|
12 | Ben Campbell | Ballot approval text was generated |
2016-05-23
|
12 | Ben Campbell | IESG state changed to AD Evaluation from Publication Requested |
2016-05-11
|
12 | Ben Campbell | Assigned to Applications and Real-Time Area |
2016-05-11
|
12 | Ben Campbell | IESG process started in state Publication Requested |
2016-05-04
|
12 | Mary Barnes | Changed document writeup |
2016-05-03
|
12 | Gavin Llewellyn | New version available: draft-pd-dispatch-msrp-websocket-12.txt |
2016-05-02
|
11 | Ram R | New version available: draft-pd-dispatch-msrp-websocket-11.txt |
2016-02-14
|
10 | Ram R | New version available: draft-pd-dispatch-msrp-websocket-10.txt |
2015-07-28
|
09 | Gonzalo Salgueiro | New version available: draft-pd-dispatch-msrp-websocket-09.txt |
2015-01-26
|
08 | Gonzalo Salgueiro | New version available: draft-pd-dispatch-msrp-websocket-08.txt |
2015-01-26
|
07 | Gavin Llewellyn | New version available: draft-pd-dispatch-msrp-websocket-07.txt |
2014-08-17
|
06 | Gonzalo Salgueiro | New version available: draft-pd-dispatch-msrp-websocket-06.txt |
2014-02-13
|
05 | Peter Dunkley | New version available: draft-pd-dispatch-msrp-websocket-05.txt |
2013-12-13
|
04 | Gonzalo Salgueiro | New version available: draft-pd-dispatch-msrp-websocket-04.txt |
2013-12-13
|
03 | Richard Barnes | Document shepherd changed to Mary Barnes |
2013-12-13
|
03 | Richard Barnes | Intended Status changed to Proposed Standard from None |
2013-12-13
|
03 | Richard Barnes | Document shepherd changed to Gonzalo Salgueiro |
2013-12-13
|
03 | Richard Barnes | Stream changed to IETF from None |
2013-12-12
|
03 | Peter Dunkley | New version available: draft-pd-dispatch-msrp-websocket-03.txt |
2013-05-10
|
02 | Peter Dunkley | New version available: draft-pd-dispatch-msrp-websocket-02.txt |
2013-01-08
|
01 | Peter Dunkley | New version available: draft-pd-dispatch-msrp-websocket-01.txt |
2012-12-17
|
00 | Peter Dunkley | New version available: draft-pd-dispatch-msrp-websocket-00.txt |