
RE: SOAP port number

From: Eugene Kuznetsov <eugene@datapower.com>
Date: Mon, 7 Jan 2002 16:32:15 -0500
To: "Mark Nottingham" <mnot@mnot.net>, "Mark Baker" <distobj@acm.org>
Cc: "Henrik Frystyk Nielsen" <henrikn@microsoft.com>, "Krishna Sankar" <ksankar@cisco.com>, <xml-dist-app@w3.org>
Message-ID: <NDBBLGLOJMHANDPKJOCOAENIFBAA.eugene@datapower.com>
> I would strongly urge the group not to pursue this; although it seems
> like a good/friendly thing to do, it encourages people to trust (or
> not trust) traffic by port, which is unrealistic and dangerous.

I cannot resist pointing out that this is exactly what people do with their
firewalls and content switches today. Leaving aside whether it is proper or
dangerous, "unrealistic" is thinking that people do not use TCP ports to
filter, classify and route their IP network traffic.

Indeed, one of the reasons oft-cited for SOAP over HTTP is explicitly the
fact that because many enterprise firewalls block all incoming ports other
than port 80, putting SOAP over port 80 is a win! (The "catch-22" again).

The ability to associate application expectations for traffic on a certain
TCP port is important. Yes, in itself it is not a guarantee of security or
correct application behavior -- you may still verify those expectations
(e.g., "I'm a firewall and I expect HTTP only on port 80, verify that to be
the case"), but it is a vital part of the network infrastructure today.


\\ Eugene Kuznetsov
\\ eugene@datapower.com
\\ DataPower Technology, Inc.
Received on Monday, 7 January 2002 16:27:23 GMT
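Added example, not part of the original message or of any product it mentions: a Python sketch of the check the message describes, a filter that expects HTTP on port 80 and verifies it, then also reports when the HTTP request carries SOAP. The function name, return labels and sample byte strings are constructed for illustration, and the sketch assumes the whole header block is already buffered.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.0|1.1
REQUEST_LINE = re.compile(rb"[A-Z]{3,10} [^ \r\n]+ HTTP/1\.[01]")


def classify_port80(first_bytes: bytes) -> str:
    """Classify the start of a client stream seen on TCP port 80.

    Returns 'not-http', 'http' or 'soap-over-http' (hypothetical labels).
    """
    head, sep, _body = first_bytes.partition(b"\r\n\r\n")
    if not sep:
        # No terminated header block: not HTTP (or not fully buffered yet).
        return "not-http"
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.fullmatch(lines[0]):
        return "not-http"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Reject lines without a colon or with whitespace around the name.
        if not colon or not name or name != name.strip():
            return "not-http"
        headers[name.lower()] = value.strip().lower()
    # SOAP 1.1 requests carry a SOAPAction header; SOAP 1.2 uses the
    # application/soap+xml media type.
    ctype = headers.get(b"content-type", b"")
    if b"soapaction" in headers or ctype.startswith(b"application/soap+xml"):
        return "soap-over-http"
    return "http"


# Constructed sample streams, all "arriving" on port 80.
SAMPLES = {
    "browser GET": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "SOAP 1.1 POST": (
        b"POST /StockQuote HTTP/1.1\r\nHost: www.example.com\r\n"
        b"Content-Type: text/xml; charset=utf-8\r\n"
        b'SOAPAction: "urn:example:GetQuote"\r\nContent-Length: 0\r\n\r\n'
    ),
    "SSH banner": b"SSH-2.0-example\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:15} -> {classify_port80(data)}")
```

The port number is the same for all three samples; only the payload check separates them.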
