- From: Martin J. Duerst <duerst@w3.org>
- Date: Wed, 08 Dec 1999 12:22:09 +0900
- To: "Roy T. Fielding" <fielding@kiwi.ICS.UCI.EDU>
- Cc: discuss@apps.ietf.org

At 18:14 1999/12/07 -0800, Roy T. Fielding wrote:

> That is why HTTP goes through firewalls. Most of the extensions that
> have been proposed lately (aside from DAV and its ilk) have merely used
> HTTP as a way to move other application protocols through a firewall,
> which is a fundamentally stupid idea. Not only does it defeat the purpose
> of having a firewall, but it won't work for the long term because firewall
> vendors will simply have to perform protocol filtering to continue their
> existence. It therefore makes no sense to do those extensions on top of
> HTTP, since the only thing HTTP accomplishes in that situation is to add
> overhead from a legacy syntax.

Just an observation. I think the main reason why HTTP is still chosen
in this case is the following:

If you design your own protocol, then the default/initial firewall
behaviour is to shut it out. If you piggyback on top of HTTP, then
the default/initial behaviour is to pass things through.

There is probably a better chance to get people to use a protocol,
and to get security people to understand a protocol, and set the right
restrictions, if at the start you can just use it.

Regards, Martin.

#-#-# Martin J. Du"rst, World Wide Web Consortium
#-#-# mailto:duerst@w3.org http://www.w3.org

Received on Tuesday, 7 December 1999 23:07:40 UTC