W3C home > Mailing lists > Public > ietf-discuss@w3.org > December 1999

Re: HTTP Extensions Framework status?

From: Martin J. Duerst <duerst@w3.org>
Date: Wed, 08 Dec 1999 12:22:09 +0900
Message-Id: <199912080406.NAA21890@sh.w3.mag.keio.ac.jp>
To: "Roy T. Fielding" <fielding@kiwi.ICS.UCI.EDU>
Cc: discuss@apps.ietf.org
At 18:14 1999/12/07 -0800, Roy T. Fielding wrote:

> That is why HTTP goes through firewalls.  Most of the extensions that
> have been proposed lately (aside from DAV and its ilk) have merely used
> HTTP as a way to move other application protocols through a firewall,
> which is a fundamentally stupid idea.  Not only does it defeat the purpose
> of having a firewall, but it won't work for the long term because firewall
> vendors will simply have to perform protocol filtering to continue their
> existance.  It therefore makes no sense to do those extensions on top of
> HTTP, since the only thing HTTP accomplishes in that situation is to add
> overhead from a legacy syntax.

Just an observation. I think the main reason why HTTP is still
chosen in this case is the following:

If you design your own protocol, then the default/initial firewall
behaviour is to shut it out. If you piggiback on top of HTTP, then
the default/initial behaviour is to pass things through.

There is probably a better chance to get people to use a protocol,
and to get security people understand a protocol, and set the
right restrictions, if at the start you can just use it.


Regards,   Martin.


#-#-#  Martin J. Du"rst, World Wide Web Consortium
#-#-#  mailto:duerst@w3.org   http://www.w3.org
Received on Tuesday, 7 December 1999 23:07:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:26 GMT