- From: Robert Waldstein <wald@library.ho.lucent.com>
- Date: Mon, 14 Aug 2000 10:58:29 -0400
- To: Mark Needleman - DRA <mneedlem@dra.com>
- Cc: Robert Waldstein <wald@library.ho.lucent.com>, www-zig@w3.org
> > Why cant you just listen on both the secure and insecure ports? - also > even though some of your records dont need to be encrypted - is there any > harm (except for the overhead) of just encrypting all of the data? sure - as I said I agree putting something on an secure socket is easy. And yes, could only use the secure socket. Actually guess could argue the same for all internet applications (guess some people do -)). And since I have at least one searcher that says the search itself should be secure - this would also be resolved by doing everything over secure sockets. Actually, thinking about it your point is correct - this means the security is all between me and the authenticated remote user; encryption of the data becomes an aside - as it should be to an application such as z39.50. Okay - so now I just wait till the world buys into this... Guess we still need some sort of redirect since people will still come to port 210 and ask for things requiring secure channels. bob -- Robert K. Waldstein Email: wald@lucent.com Bell Laboratories, Room 3D-591 Phone: (908) 582-6171 600 Mountain Avenue Murray Hill, New Jersey 07974
Received on Monday, 14 August 2000 10:58:43 UTC