On 12/11/2010 9:36 PM, tav wrote:
Hi there,

WebSockets have recently been disabled due to security concerns raised
by Adam Barth of Google:

* https://bugzilla.mozilla.org/show_bug.cgi?id=616733
* http://www.ietf.org/mail-archive/web/hybi/current/msg04744.html

However, seeing as those concerns don't apply to WebSockets Secure
(wss) connections, could we please re-enable them for encrypted
connections?

I was initially going to file a bug, but was advised on IRC to discuss
it on the newsgroups first. So, apologies in advance if I haven't
observed the appropriate community guidelines in some way.

--
Many thanks, tav,<t...@espians.com>

Hi, Tav!  Thanks for your note.

I think that right now we'd rather spend our time moving to the next version of WebSockets and working to try and get Firefox 4 out the door. It's relatively easy for us to disable this feature, but trying to make it work for the non-SSL case might be quite a bit of work. Given that we know we're going to be changing the protocol anyway, I'd rather just spend our time getting to that instead of investing in something we know we're going to replace.

I realize that this probably isn't the answer you were looking for, but it's the right one given where we are in our release cycle.

--Chris
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security