
Re: something I don't get about the current plan...

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 18 Nov 2013 06:20:05 +0100
To: Roberto Peon <grmocg@gmail.com>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Mike Belshe <mike@belshe.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <20131118052005.GI18577@1wt.eu>

On Sun, Nov 17, 2013 at 02:34:07PM -0800, Roberto Peon wrote:
> That is fairly sad. I was able to do this with a shell script and 20
> seconds of thought the other day.
> 
> In any case, I think that Mike was talking about the ability of a properly
> implemented endpoint to traverse the internet reliably.

I know a number of places (mostly in corporate environments) where you
can't openly access 443 until the site is white-listed. So the benefit
is not on this specific point.

What is interesting however is that most of the time the port is open
to *somewhere*, directly, via an MITM box or via a filtering proxy
which rejects the access. So in almost all cases we can get a quick
response on 443 with a certain confidence. For example, an MITM box
will not blindly advertise HTTP/2.0 with ALPN in the handshake if it
is not aware of this new protocol.

So I'd say that you can trust better what you *see* on port 443 than
what you *see* on 80, which in turn has far more chances of being
opened and responding quickly than a new port, while being less
transparent.

Willy
Received on Monday, 18 November 2013 05:20:33 UTC
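
The check described in the message above, as an added example (not part of the original message and not code from its author): a client offers HTTP/2 via ALPN on port 443 and classifies what answered. The names `probe_443` and `classify` and the verdict labels are assumptions of this example, as is the use of today's registered `h2` ALPN identifier in place of the 2013 draft tokens.

```python
import socket
import ssl

# Assumption: "h2" is the ALPN id registered for HTTP/2 today; the 2013
# drafts under discussion used different tokens.
OFFERED_ALPN = ["h2", "http/1.1"]


def classify(alpn, tls_version):
    """Turn a completed handshake into a verdict about the peer on 443."""
    if alpn == "h2":
        return ("http2-advertised", tls_version)
    if alpn is None:
        # TLS works, but whoever terminated it selected no ALPN protocol:
        # an old server, or an interception box unaware of HTTP/2.
        return ("tls-no-alpn", tls_version)
    return ("tls-other-alpn", alpn)


def probe_443(host, port=443, timeout=5.0):
    """Offer HTTP/2 via ALPN and report what answered: (verdict, detail)."""
    ctx = ssl.create_default_context()  # verifies against the local trust store
    ctx.set_alpn_protocols(OFFERED_ALPN)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered, timed out, DNS failure
        return ("unreachable", type(exc).__name__)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return classify(tls.selected_alpn_protocol(), tls.version())
    except ssl.SSLCertVerificationError as exc:
        # The presented certificate does not chain to a locally trusted CA.
        return ("untrusted-cert", exc.verify_message)
    except ssl.SSLError as exc:
        # e.g. a filtering proxy answering the ClientHello in plain text
        return ("handshake-failed", exc.reason or str(exc))
    except OSError as exc:  # reset or timeout in the middle of the handshake
        return ("io-error", type(exc).__name__)


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, *probe_443(name))
```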
