Intent to Implement: WebSockets over HTTP/2


Bence Béky

Feb 20, 2018, 1:29:07 PM
to blink-dev
To: blin...@chromium.org (this is part of the Blink launch process).
Bcc: net...@chromium.org as FYI.

Contact emails

Spec

Design doc

Summary
Implement support for secure WebSockets over an already established HTTP/2 connection.

Motivation
A large proportion of web servers support HTTP/2.  Currently if a WebSocket is requested to such a server, a new HTTP/1.1 connection must be established even if there is an active HTTP/2 connection, because WebSocket handshake is only supported over HTTP/1.1.  However, if both the server and the client support WebSockets over HTTP/2, and the connection is already open, and the server has advertised support as described in the specification, and the request is for a secure WebSocket, then the client can open a new stream on the existing HTTP/2 connection, thereby saving the roundtrip times associated with the TCP and TLS handshake.

Interoperability and Compatibility Risk
A Firefox network stack engineer is driving the specification single-handedly, which is a strong indicator of their commitment to implement this feature.  Last November, the IETF httpbis working group chair deemed community interest strong enough for adoption of the draft.

The feature requires explicit advertisement of support from the server, therefore the interoperability risk with servers and reverse proxies is low.  The feature is tied to HTTP/2 which is only supported over TLS in Chromium, therefore the interoperability risk with proxies is low.

Activation
This feature will be used with compatible servers without the need for activation from web developers, as long as the WebSocket request is secure (wss scheme as opposed to ws).

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.  This feature will be implemented in the Chromium network stack, therefore it will be supported on all platforms where such a network stack is used and the enable_websockets build flag is true.

Link to entry on the feature dashboard
I do not believe that this feature merits outreach to developers.

Requesting approval to ship?
No.
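
The reuse conditions listed under Motivation, sketched as an added example that is not part of the original post and is not Chromium code. The setting identifier 0x8 and the request headers are taken from RFC 8441, the published form of the draft discussed here; the function names and the `h2_settings_payload` interface are hypothetical.

```python
import struct

# Setting identifier assigned in RFC 8441 (assumption: the thread only says "the specification").
SETTINGS_ENABLE_CONNECT_PROTOCOL = 0x8


def parse_settings(payload: bytes) -> dict:
    """Decode an HTTP/2 SETTINGS payload: repeated (16-bit id, 32-bit value) pairs."""
    if len(payload) % 6 != 0:
        raise ValueError("SETTINGS payload length must be a multiple of 6")
    settings = {}
    for offset in range(0, len(payload), 6):
        ident, value = struct.unpack_from("!HI", payload, offset)
        settings[ident] = value  # a repeated identifier takes the last value
    return settings


def extended_connect_enabled(settings: dict) -> bool:
    """True only if the server explicitly advertised support with the value 1."""
    value = settings.get(SETTINGS_ENABLE_CONNECT_PROTOCOL, 0)
    if value not in (0, 1):
        raise ValueError("SETTINGS_ENABLE_CONNECT_PROTOCOL must be 0 or 1")
    return value == 1


def plan_websocket(scheme, host, path, h2_settings_payload):
    """Return Extended CONNECT headers for a new stream on an existing HTTP/2
    connection, or None when a new HTTP/1.1 connection is required.

    h2_settings_payload: SETTINGS payload received on an open HTTP/2
    connection to `host`, or None if there is no such connection.
    """
    if scheme != "wss" or h2_settings_payload is None:
        return None  # insecure WebSocket, or nothing to reuse
    if not extended_connect_enabled(parse_settings(h2_settings_payload)):
        return None  # server did not advertise support
    return [
        (":method", "CONNECT"),
        (":protocol", "websocket"),
        (":scheme", "https"),
        (":authority", host),
        (":path", path),
        ("sec-websocket-version", "13"),
    ]


# Constructed sample payloads (not captured traffic).
ADVERTISING = struct.pack("!HI", 0x3, 100) + struct.pack("!HI", 0x8, 1)
NOT_ADVERTISING = struct.pack("!HI", 0x3, 100)
```
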

PhistucK

Feb 24, 2018, 8:53:44 AM
to Bence Béky, blink-dev
> The feature is tied to HTTP/2 which is only supported over TLS in Chromium, therefore the interoperability risk with proxies is low
I am not nearly knowledgeable enough in this area, but this sentence does not sound quite right. How does the fact that HTTP/2 requires TLS make it so proxy interoperability risk is low?

> I do not believe that this feature merits outreach to developers.
chromestatus.com feeds the beta blog posts and is generally the way to advertise support for new features.
There should generally be a pretty good reason not to include your feature there. This feature probably belongs in chromestatus.com.


PhistucK


Ryan Hamilton

Feb 24, 2018, 11:56:58 AM
to PhistucK, Bence Béky, blink-dev
On Sat, Feb 24, 2018 at 5:52 AM, PhistucK <phis...@gmail.com> wrote:
> > The feature is tied to HTTP/2 which is only supported over TLS in Chromium, therefore the interoperability risk with proxies is low
> I am not nearly knowledgeable enough in this area, but this sentence does not sound quite right. How does the fact that HTTP/2 requires TLS make it so proxy interoperability risk is low?

Since HTTP/2 is over TLS, and TLS is encrypted end-to-end, this means that the contents of the traffic are opaque to middle boxes, including proxies. In the case of clear-text HTTP, on the other hand, middle boxes are able to see and modify the contents which leads to interop problems.

PhistucK

Feb 24, 2018, 12:17:38 PM
to Ryan Hamilton, Bence Béky, blink-dev
Does that apply to corporate proxies?


PhistucK

Ryan Hamilton

Feb 24, 2018, 12:26:06 PM
to PhistucK, Bence Béky, blink-dev
By "corporate proxies", I assume you mean those which terminate TLS connection in cooperation with the certs on the client devices. Yes, there is an interop risk with such proxies. 

Bence Béky

Feb 28, 2018, 11:00:33 AM
to PhistucK, blink-dev
Thank you for your feedback.  I created an entry on the feature dashboard.