W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1999

Re: Upgrading to TLS Within HTTP/1.1 draft available

From: John Stracke <francis@ecal.com>
Date: Tue, 29 Jun 1999 17:09:14 +0000
Message-ID: <3778FDBA.52F24DE8@ecal.com>
To: "Http-Wg@Hplb. Hpl. Hp. Com" <http-wg@hplb.hpl.hp.com>
Jim Gettys wrote:

> > But aren't there security benefits to having separate ports (e.g., making it
> > possible to run your secure server in a separate process)?
>
> No: the problem is that establishing a connection to a separate port
> allows for man-in-the-middle attacks at connection establishment times;

OK, got it.  Thanks for the explanation.

--
/=============================================================\
|John Stracke    | My opinions are my own | S/MIME & HTML OK  |
|francis@ecal.com|============================================|
|Chief Scientist | NT's lack of reliability is only surpassed |
|eCal Corp.      |  by its lack of scalability. -- John Kirch |
\=============================================================/
Received on Tuesday, 29 June 1999 18:10:35 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:31 EDT