W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: SSL Tunneling; Informational RFC; Last call?

From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
Date: Fri, 19 Sep 1997 23:02:13 -0500 (EST)
To: fielding@kiwi.ics.uci.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, luotonen@netscape.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4468
"Roy T. Fielding" <fielding@kiwi.ics.uci.edu> wrote:
>>	Does anyone familiar with the CONNECT method have a serious
>>objection to its being considered as a standards track method, not
>>necessarily for the impending HTTP/1.1 RFC, but eventually to be
>>merged into an HTTP RFC?
>I have no objection to it, provided that the security concerns are
>adequately described, but in that case it should not be published as
>an Informational RFC (since that is not standards track).  Instead,
>it should be submitted to the WG for addition to HTTP/1.1 (assuming
>Larry agrees that it is appropriate to do so).
>BTW, it is also implemented in the Apache proxy, but I don't know
>if that implementation works correctly yet.

	The -08 draft defines tunneling, discusses it at length, but
offers no method name and specs for actually doing it.  CONNECT is
widely implemented, in itself is not a "munition", and all that's
needed is formal IETF specs to help ensure that the various
implementations are interoperable (with a standard description of
the security concerns) -- basically just editoral board polishing
of Ari's draft.


 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
Received on Friday, 19 September 1997 20:06:59 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC