
Re: [hybi] workability (or otherwise) of HTTP upgrade

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 8 Dec 2010 11:04:15 +1100
Cc: Greg Wilkins <gregw@webtide.com>, hybi HTTP <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <002947D8-5CE7-4390-8907-B4BE1BE48B83@mnot.net>
To: Maciej Stachowiak <mjs@apple.com>

On 07/12/2010, at 7:07 PM, Maciej Stachowiak wrote:

> It might be worth testing a new port (not 80 or 443 or any other well-known port) for success rate. It would also be worthwhile comparing TLS over port 443. It may be that 443 is the only option that gives a reasonable success rate.

+1, although I'd reiterate that defining a new default port would be a nice balance, in that people could still specify 443 in the URL, yet we wouldn't be explicitly promoting the circumvention of firewalls (which IMO isn't going to get past IETF review).

The problem with using port 80 is that it's a catch-22; using it gets you past most firewalls, because it has a well-known protocol on it, but because it has a well-known protocol on it, people interpose devices that make assumptions about the protocol being spoken. We can bend the protocol in lots of ways to try to work around that, but by nature it's going to be inexact and brittle to do so.

Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 8 December 2010 00:04:54 UTC
