
Re: #385: HTTP2 Upgrade / Negotiation

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 25 Oct 2012 23:46:18 +0200
To: "Adrien W. de Croy" <adrien@qbik.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, Yoav Nir <ynir@checkpoint.com>, Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, Mark Nottingham <mnot@mnot.net>, Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20121025214618.GK16195@1wt.eu>

Hi Adrien,

On Thu, Oct 25, 2012 at 09:39:52PM +0000, Adrien W. de Croy wrote:
> I think 2 could introduce a significant delay.  What proportion of 
> websites support TLS on 443?

It is increasing but some of them will still block 443 (mine used to
until not long ago).

> Or is this purely to get past intermediaries to a site you already know 
> supports 2.0?

Could be a reasonable prerequisite.

> Or how do you know already that the site is available on 
> 443, and if someone clicked a http:// URL, is it valid to make a https 
> connection?  Sometimes it's a different site on the different port.

Hmmm you're right, I had not thought about this one. It could even
cause a security issue if the port is relayed to someone else who
controls the TLS termination. Please forget this idea.

> In fact for that reason alone, you can't change the port that the URI 
> specified from 80 to 443.  You can end up getting the wrong site.
> I foresee a bunch of problems where 1 fails due to intercepting proxy 
> not understanding Upgrade, and 2 fails because the site is http only on 
> 80 only.
> Or did I misunderstand what you're getting at?

No you did not, and instead you proved that my suggestion was stupid,
so there's no point thinking about it anymore :-)

Thanks!
Received on Thursday, 25 October 2012 21:47:08 UTC
