AW: [hybi] I-D Action: draft-ietf-hybi-thewebsocketprotocol-14.txt


"""
10.6.  Connection confidentiality and integrity

   Communications confidentiality and integrity is provided by running
   the WebSocket protocol over TLS (wss URIs).  WebSocket
   implementations MUST support TLS, and SHOULD employ it when
   communicating with their peers.
"""

Why MUST?

For example, TLS does not provide end-to-end confidentiality when
WebSockets are used for communicating between client peers, and
the WS server is only there to mediate, e.g., publish/subscribe messages.

In this case, confidentiality/integrity can be accomplished by encrypting
the payload of the messages, but without encrypting the point-to-point
transports between the clients and the server. Encrypting the transport
when the payload is already encrypted does not make sense in this
scenario.

I'd like to suggest:

"""
When point-to-point communication confidentiality and integrity is
desired and sufficient, the implementation SHOULD use TLS.
"""
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
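
The payload-encryption scenario described in the message above, as an added example that is not part of the original post: two client peers protect a publish/subscribe payload with AES-256-GCM while a mediating server routes it. The frame layout, the topic names, the helper names (`seal`, `unseal`, `brokerView`) and the pre-shared key are assumptions made for illustration; the example also shows which fields stay readable to the server or to anyone on a plain ws:// path.

```javascript
const crypto = require('crypto');

// Assumption: both peers already share a 256-bit key out of band.
// Constructed demo key; a real deployment would use a key agreement or KDF.
const sharedKey = crypto.createHash('sha256').update('constructed demo key').digest();

// Publisher: encrypt the payload and bind the topic as associated data, so a
// ciphertext cannot be moved to another topic without detection.
function seal(key, topic, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every message
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(topic, 'utf8'));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return JSON.stringify({
    topic, // stays in cleartext: the mediating server needs it to route
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: c.getAuthTag().toString('base64'),
  });
}

// Subscriber: returns the plaintext, or null if payload or topic was altered.
function unseal(key, frame) {
  const m = JSON.parse(frame);
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(m.iv, 'base64'));
    d.setAAD(Buffer.from(m.topic, 'utf8'));
    d.setAuthTag(Buffer.from(m.tag, 'base64'));
    return Buffer.concat([d.update(Buffer.from(m.ct, 'base64')), d.final()]).toString('utf8');
  } catch (e) {
    return null; // authentication failed: reject the message
  }
}

// What the server, or an observer of an unencrypted transport, can still read.
function brokerView(frame) {
  const m = JSON.parse(frame);
  return { topic: m.topic, bytes: Buffer.from(m.ct, 'base64').length };
}

// Constructed sample message and a copy whose topic was rewritten in transit.
const frame = seal(sharedKey, 'alerts/door-7', 'unlock at 09:00');
const rerouted = JSON.stringify({ ...JSON.parse(frame), topic: 'alerts/door-8' });
console.log(brokerView(frame), unseal(sharedKey, frame), unseal(sharedKey, rerouted));
```

The payload and its binding to the topic are protected end to end; the topic, the message size and timing, and the WebSocket opening handshake itself are outside what the payload encryption covers.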

