- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 25 Oct 2012 23:46:18 +0200
- To: "Adrien W. de Croy" <adrien@qbik.com>
- Cc: Patrick McManus <pmcmanus@mozilla.com>, Yoav Nir <ynir@checkpoint.com>, Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, Mark Nottingham <mnot@mnot.net>, Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

Hi Adrien,

On Thu, Oct 25, 2012 at 09:39:52PM +0000, Adrien W. de Croy wrote:
> I think 2 could introduce a significant delay. What proportion of
> websites support TLS on 443?

it is increasing but some of them will still block 443 (mine used to
until not long ago).

> Or is this purely to get past intermediaries to a site you already know
> supports 2.0?

Could be a reasonable prerequisite.

> Or how do you know already that the site is available on
> 443, and if someone clicked a http:// URL, is it valid to make a https
> connection? Sometimes it's a different site on the different port.

Hmmm you're right, I had not thought about this one. It could even cause
a security issue if the port is relayed to someone else who controls the
TLS termination. Please forget this idea.

> In fact for that reason alone, you can't change the port that the URI
> specified from 80 to 443. You can end up getting the wrong site.
>
> I foresee a bunch of problems where 1 fails due to intercepting proxy
> not understanding Upgrade, and 2 fails because the site is http only on
> 80 only.
>
> Or did I misunderstand what you're getting at?

No you did not, and instead you proved that my suggestion was stupid, so
there's no point thinking about it anymore :-)

Thanks !
Willy

Received on Thursday, 25 October 2012 21:47:08 UTC