The WebSocket Protocol
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: RFC Editor <email@example.com>, hybi mailing list <firstname.lastname@example.org>, hybi chair <email@example.com> Subject: Protocol Action: 'The WebSocket protocol' to Proposed Standard (draft-ietf-hybi-thewebsocketprotocol-17.txt) The IESG has approved the following document: - 'The WebSocket protocol' (draft-ietf-hybi-thewebsocketprotocol-17.txt) as a Proposed Standard This document is the product of the BiDirectional or Server-Initiated HTTP Working Group. The IESG contact persons are Peter Saint-Andre and Pete Resnick. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-hybi-thewebsocketprotocol/
Technical Summary The WebSocket protocol enables two-way communication between a client running untrusted code running in a controlled environment to a remote host that has opted-in to communications from that code. The security model used for this is the Origin-based security model commonly used by Web browsers. The protocol consists of an opening handshake followed by basic message framing, layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g. using XMLHttpRequest or <iframe>s and long polling). Working Group Summary The discussion within HyBi WG was extremely contentious up to the month of December 2010/January 2011, when there was some indication that due the lack of a valid way out some participants might have been considering the possibility of leaving the IETF process altogether. The consensus around masking as a solution to the security concerns raised at the end of 2010, although not everybody's favorite, was the point around which the major parties agreed they could live with, and the process began moving forward again. Since then, the process has been more normal for an IETF WG, in that not everyone agrees with the declared consensus points, but at least there has been a forward movement on a regular basis. Document Quality There are already several implementations of the protocol on different WebServers (e.g. Glassfish, Jetty, Apache) a library implementation (e.g., libwebsocket) and from the client side Firefox6 already includes the protocol in its last version, Google has announced to include it in a future version of Chrome Browser. Microsoft has announced client and server support in the upcoming Windows release ("Windows 8"). The following reviewers merit special mention. Magnus Westerlund reviewed the -07 version on behalf of the TSV Directorate. Lisa Dusseault, Richard Barnes and Kathleen Moriarty reviewed the -10 version on behalf of the Applications Area Review Team, General Area Review Team, and Security Directorate respectively. RFC Editor Notes 1. Section 1.3 OLD [FIPS.180-2.2002] NEW [FIPS.180-3] 2. Section 14.1 OLD [FIPS.180-2.2002] National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-2, August 2002, <http:// csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf>. NEW [FIPS.180-3] National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-3, October 2008, <http:// csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf>.