Ian Hickson wrote: > On Mon, 29 Jun 2009, Greg Wilkins wrote: >> Ian Hickson wrote: >> >>> Minimal framing isn't a requirement. Being able to implement the >>> server-side component easily is: >>> >>> | - It must be possible to implement a fully-conforming server-side >>> | component for this in a few dozen lines of scripting code, in the case >>> | where sharing the connection with an HTTP server isn't required. >> Can you expand on why you think this is a requirement? > > If we make it difficult to write a compliant implementation, then we won't > get many compliant implementations. This will either be because we don't > get many implementations at all, or because we get many poor quality > implementations. > > Having few implementations is bad because it leads to a monoculture where > a single vulnerability means the entire ecosystem is vulnerable. > > Having many poor quality implementations is bad because interoperability > will be difficult to achieve, making it less likely that users will have a > good experience. Ian, I think lines of code and software quality are orthogonal. There are many many programmers who are able to produce very poor quality code in just 1 line. Even with simple CGI, I have had many experiences where poor quality client "implementations" have had unintended consequences. I believe the path to a good user experience is to give them an environment that abstracts away the details of the protocol. Websocket does this on the client side, so I don't see why this should not be done server side. But I do agree with you that the protocol should not be difficult to implement and that we do not want a monoculture. But it is overly simplistic to say a protocol that needs more than a few dozen lines of code is going to be rarely implemented or of poor quality. cheers
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.