I am reviewing this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. I have a few questions regarding the document. My perception, which may or may not be correct, is that it targets down-rev protocols - http/s 1.1 and TLS 1.2, the former of which has been obsoleted and replaced and the latter is (I'm told) about to be. I'm fine with having those as options, but it seems like publishing this without references to the current technology means that it will need to be updated or replaced soon with a document that does. Note that I am not registering these as objections; I think this is a conversation that needs to be had, but if the consensus of people more expert than myself in this technology is to stay down-rev, I'm OK with it. > 1. Introduction > > The WebSocket [RFC6455] protocol enables message exchange between > clients and servers on top of a persistent TCP connection (optionally > secured with TLS [RFC5246]). The initial protocol handshake makes > use of HTTP [RFC7230] semantics, allowing the WebSocket protocol to > reuse existing HTTP infrastructure. I understand HTTP 1.1 (which is to say "pipelined TCP"), but I was surprised to not read about RFC 7540 HTTP 2.0 (Secure TCP). Is there a reason to not allow for the latter, at least as an option? > 3. WebSocket Protocol Overview > > The WebSocket protocol [RFC6455] is a transport layer on top of TCP > (optionally secured with TLS [RFC5246]) in which both client and > server exchange message units in both directions. Is this extensible to TLS 1.3, which I'm told is in the offing? That would obsolete RFC 5246. Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail