W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: SSL Tunneling; Informational RFC; Last call?

From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
Date: Fri, 19 Sep 1997 23:02:13 -0500 (EST)
To: fielding@kiwi.ics.uci.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, luotonen@netscape.com
Message-Id: <01INUDW3AEQQ003XHC@SCI.WFBR.EDU>
"Roy T. Fielding" <fielding@kiwi.ics.uci.edu> wrote:
>>	Does anyone familiar with the CONNECT method have a serious
>>objection to its being considered as a standards track method, not
>>necessarily for the impending HTTP/1.1 RFC, but eventually to be
>>merged into an HTTP RFC?
>
>I have no objection to it, provided that the security concerns are
>adequately described, but in that case it should not be published as
>an Informational RFC (since that is not standards track).  Instead,
>it should be submitted to the WG for addition to HTTP/1.1 (assuming
>Larry agrees that it is appropriate to do so).
>
>BTW, it is also implemented in the Apache proxy, but I don't know
>if that implementation works correctly yet.

	The -08 draft defines tunneling, discusses it at length, but
offers no method name and specs for actually doing it.  CONNECT is
widely implemented, in itself is not a "munition", and all that's
needed is formal IETF specs to help ensure that the various
implementations are interoperable (with a standard description of
the security concerns) -- basically just editoral board polishing
of Ari's draft.

				Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
Received on Friday, 19 September 1997 20:06:59 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:01 EDT