Skip to main content

Last Call Review of draft-pd-dispatch-msrp-websocket-10
review-pd-dispatch-msrp-websocket-10-opsdir-lc-baker-2016-07-11-00

Request Review of draft-pd-dispatch-msrp-websocket
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2016-07-08
Requested 2016-06-13
Authors Peter Dunkley , Gavin Llewellyn , Victor Pascual , Gonzalo Salgueiro , Ram R
I-D last updated 2016-07-11
Completed reviews Genart Last Call review of -12 by Joel M. Halpern (diff)
Secdir Last Call review of -12 by Donald E. Eastlake 3rd (diff)
Opsdir Last Call review of -10 by Fred Baker (diff)
Assignment Reviewer Fred Baker
State Completed
Request Last Call review on draft-pd-dispatch-msrp-websocket by Ops Directorate Assigned
Reviewed revision 10 (document currently at 15)
Result Has issues
Completed 2016-07-11
review-pd-dispatch-msrp-websocket-10-opsdir-lc-baker-2016-07-11-00
I am reviewing this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written with the intent of improving the operational aspects of the IETF
drafts. Comments that are not addressed in last call may be included in AD
reviews during the IESG review. Document editors and WG chairs should treat
these comments just like any other last call comments.

I have a few questions regarding the document. My perception, which may or may
not be correct, is that it targets down-rev protocols - http/s 1.1 and TLS 1.2,
the former of which has been obsoleted and replaced and the latter is (I'm
told) about to be. I'm fine with having those as options, but it seems like
publishing this without references to the current technology means that it will
need to be updated or replaced soon with a document that does.

Note that I am not registering these as objections; I think this is a
conversation that needs to be had, but if the consensus of people more expert
than myself in this technology is to stay down-rev, I'm OK with it.

> 1.  Introduction
>
>    The WebSocket [RFC6455] protocol enables message exchange between
>    clients and servers on top of a persistent TCP connection (optionally
>    secured with TLS [RFC5246]).  The initial protocol handshake makes
>    use of HTTP [RFC7230] semantics, allowing the WebSocket protocol to
>    reuse existing HTTP infrastructure.

I understand HTTP 1.1 (which is to say "pipelined TCP"), but I was surprised to
not read about RFC 7540 HTTP 2.0 (Secure TCP). Is there a reason to not allow
for the latter, at least as an option?

> 3.  WebSocket Protocol Overview
>
>    The WebSocket protocol [RFC6455] is a transport layer on top of TCP
>    (optionally secured with TLS [RFC5246]) in which both client and
>    server exchange message units in both directions.

Is this extensible to TLS 1.3, which I'm told is in the offing? That would
obsolete RFC 5246.

Attachment:

signature.asc

Description:

 Message signed with OpenPGP using GPGMail