Re: fyi: should URIs convey protocol/service layering?

"Roy T. Fielding" wrote:

> On Fri, Jun 15, 2001 at 11:41:21AM -0500, Dan Connolly wrote:
[...]
> > But folks have mostly avoided the practical side of
> > this issue by layering everything on top of http;
> > a noteable exception is https:, where I wish
> > we would have avoided putting the "secure" flag
> > in the name.
> 
> But we could not have avoided that.  The security context must be established
> before the client uses the URL in any other way, which meant that an http URL
> cannot be used because of the risk of older browsers mistaking it for a normal
> request without secure communication.

I'd prefer that they found out some other way than peeking
in the name. But maybe there's no way to do that; there
certainly wasn't at the time.

> In any case, http and https define two entirely different naming authorities,
> even when their implementations reside on the same machine.

Really? Hmm... I'm not sure what you mean by that.
Do you mean that the authority comes from the PKI
certificate hierarchy, rather than the DNS hierarchy?
I guess that makes sense.

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/

Received on Friday, 15 June 2001 22:03:57 UTC