From: David Woolley <firstname.lastname@example.org> Message-Id: <199803060839.IAA07543@djwhome.demon.co.uk> To: email@example.com Date: Fri, 6 Mar 1998 08:39:17 +0000 (GMT) Cc: uri@Bunyip.Com, firstname.lastname@example.org, email@example.com In-Reply-To: <199803060116.UAA28439@access5.digex.net> from "Al Gilman" at Mar 5, 98 08:16:25 pm Subject: Re: LYNX-DEV problem with 'news' url draft > > Are snews URLs used? Is news+ssl offered with any regularity? > Is port 563 generally used for this? My understanding is that it was invented by Netscape at the same time as https and that they use it for their support newsgroups, although I don't know to what extent they do this for lock in/demonstration reasons and to what extent to protect the information from non-paying customers. My impression from various things I've seen on USENET is that quite a lot of commercial users of their products have started using it as well, although I'm not sure if that is for closed, external services, or for internal company services. I think you can assume that Netscape have been trying to create this market, although their original competitive edge will have been considerably blunted by time. My impression is that it is generally used in a context where snntp would have been a more appropriate URL name, but Netscape destroyed the distinction between nntp and new and I think that has now been officially sanctioned. There may be some ISPs offering it to give customers a false sense that their newsreading habits are kept private. > > Should this be discouraged? Actively or passively, by failing to > bless this usage with a Proposed Standard? I doubt that a standard will have much influence in this market area. SSL is much more of a marketing phenomena than a technical one; my impression is that the traditional users of secure communications could have implemented it a long time ago, but didn't for reasons that haven't changed, and may even have gone against it, namely a distrust in the security of software implementations. Incidentally from the port space pollution point of view, I think you will find that the nature of SSL is such that it requires a doubling of the number of privileged ports. You can't just autodetect it on the standard port, because the nature of the thing is such that it is very likely that people will want to permit it across a firewall, but not the raw protocol. You could define an SSL multiplexor port, with the sub-protocol carried in the data; it is even possible that this is in the latest version, however, again there may be a demand to discriminate at firewalls.