- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 18 Nov 2013 06:20:05 +0100
- To: Roberto Peon <grmocg@gmail.com>
- Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Mike Belshe <mike@belshe.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

On Sun, Nov 17, 2013 at 02:34:07PM -0800, Roberto Peon wrote:
> That is fairly sad. I was able to do this with a shell script and 20
> seconds of thought the other day.
>
> In any case, I think that Mike was talking about the ability of a properly
> implemented endpoint to traverse the internet reliably.

I know a number of places (mostly in corporate environments) where you can't openly access 443 until the site is white-listed. So the benefit is not on this specific point.

What is interesting however is that most of the time the port is open to *somewhere*, directly, via an MITM box or via a filtering proxy which rejects the access. So in almost all cases we can get a quick response on 443 with a certain confidence. For example, an MITM box will not blindly advertise HTTP/2.0 with ALPN in the handshake if it is not aware of this new protocol.

So I'd say that you can trust better what you *see* on port 443 than what you *see* on 80, which in turn has far more chances of being opened and responding quickly than a new port, while being less transparent.

Willy

Received on Monday, 18 November 2013 05:20:33 UTC