Re: Upgrading to TLS Within HTTP/1.1 draft available

Jim Gettys wrote:

> > But aren't there security benefits to having separate ports (e.g., making it
> > possible to run your secure server in a separate process)?
>
> No: the problem is that establishing a connection to a separate port
> allows for man-in-the-middle attacks at connection establishment times;

OK, got it.  Thanks for the explanation.

--
/=============================================================\
|John Stracke    | My opinions are my own | S/MIME & HTML OK  |
|francis@ecal.com|============================================|
|Chief Scientist | NT's lack of reliability is only surpassed |
|eCal Corp.      |  by its lack of scalability. -- John Kirch |
\=============================================================/

Received on Tuesday, 29 June 1999 10:13:17 UTC