- From: 陈智昌 <willchan@chromium.org>
- Date: Fri, 6 Apr 2012 16:30:29 +0200
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Cc: ietf-http-wg@w3.org
- Message-ID: <CAA4WUYipNcFpigX4MHQHOtM-M0vFBSRjMJLZnpN6GXkPinVNMw@mail.gmail.com>
On Fri, Apr 6, 2012 at 4:00 PM, Nicolas Mailhot <nicolas.mailhot@laposte.net > wrote: > Mike Belshe <mike@...> writes: > > > For the record - nobody wants to avoid using port 80 for new protocols. > I'd > > love to! There is no religious reason that we don't - its just that we > know, > > for a fact, that we can't do it without subjecting a non-trivial number > of > > users to hangs, data corruption, and other errors. You might think its > ok for > > someone else's browser to throw reliability out the window, but nobody at > > Microsoft, Google, or Mozilla has been willing to do that... > > And yet none of those vendors though twice before disabling https > redirects, > even though it was known they were widely used by proxies and captive > portals, > and no replacement was proposed, and it subjected and still subjects a > non-trivial number of proxy users to hangs, data corruption, and > other errors. > I don't think this is relevant to the http/2.0 discussion. I'm happy to have this discussion, but perhaps you should start another thread. I don't know what you mean by disabling https redirects...I think you mean clients do what they are supposed to do with https URLs - verify the server's certificate, which generally prevents these captive portals from MITM'ing the connection. I understand this causes problems for captive portal vendors, but I don't think it's valid to complain that clients are correctly implementing https. I think captive portal vendors should come up with a real proposal instead of relying on hacks. > > -- > Nicolas Mailhot > > >
Received on Friday, 6 April 2012 14:31:09 UTC