I'm with you on the confusion, it makes no sense at all to call it a host. MCP host should
host the MCP server (yes, I know - that is yet a separate term).
The MCP standard seems a mess, e.g take this paragraph from here[1]
> In the Streamable HTTP transport, the server operates as an independent process that can handle multiple client connections.
Yes, obviously, that is what servers do. Also, what is "Streamable HTTP"? Comet, HTTP2, or even websockets? SSE could be a candidate, but it isn't as it says "Streamable HTTP" replaces SSE.
> This transport uses HTTP POST and GET requests.
Guys, POST and GET are verbs for HTTP protocol, TCP is the transport. I guess they could say that they use HTTP protocol, which only uses POST and GET verbs (if that is the case).
> Server can optionally make use of Server-Sent Events (SSE) to stream multiple server messages.
This would make sense if there weren't the note "This replaces the HTTP+SSE transport" right below the title.
> This permits basic MCP servers, as well as more feature-rich servers supporting streaming and server-to-client notifications and requests.
Again, how is streaming implemented (what is "Streaming HTTP")?. Also, "server-to-client .. requests"? SSE is unidirectional, so those requests are happening over secondary HTTP requests?
--
And then the 2.0.1 Security Warning seems like a blob of words on security, no reference to maybe same-origin. Also, "for local servers bind to localhost and then implement proper authentication" - are both of those together ever required? Is it worth it to even say that servers should implement proper authentication?
Anyway, reading the entire documentation one might be able to put a charitable version of the MCP puzzle together that might actually make sense. But it does seem that it isn't written by engineers, in which case I don't understand why or to whom is this written for.
[1] https://modelcontextprotocol.io/specification/draft/basic/tr...