Short answer: BCP 61, Section 7.

<http://tools.ietf.org/html/bcp61#section-7>

On Sep 12, 2011, at 5:49 AM, Tobias Oberstein wrote:

> """
> 10.6. Connection confidentiality and integrity
>
> Communications confidentiality and integrity is provided by running
> the WebSocket protocol over TLS (wss URIs). WebSocket
> implementations MUST support TLS, and SHOULD employ it when
> communicating with their peers.
> """
>
> Why MUST?
>
> For example, TLS does not provide end-to-end confidentiality when
> WebSockets are used for communicating between client peers, and
> the WS server is only there to mediate e.g. publish/subscribe messages.
>
> In this case, confidentiality/integrity can be accomplished by encrypting
> the payload of the messages, but without encrypting the point-to-point
> transports between the clients to the server. Encrypting the transport
> when the payload is already encrypted does not make sense in this
> scenario.
>
> I'd like to suggest:
>
> """
> When point-to-point communication confidentiality and integrity is
> desired and sufficient, the implementation SHOULD use TLS.
> """