Re: Use of HTTP to pass firewalls

On Fri, Aug 10, 2001 at 07:53:58AM +0100, Patrik Fältström wrote:
> --On 08/09/2001 3:29 PM -0400 Keith Moore <moore@cs.utk.edu> wrote:
> 
> >> Right.  Port 80 is reserved for the Web, not HTTP.
> > 
> > well, I'm assuming that they're using something that resembles HTTP.
> > 
> > I don't think it's reasonable to use port 80 for arbitrary protocols,
> > whether or not you can consider such protocols part of "the web".
> > 
> > p.s. does "the web" have a definition?  In my mind "the web" includes
> > anything that can be named with a URI, which is most of the Internet...
> 
> Hmmm....I only use the wording "the web" for the subset of
> what is transported over the http protocol, can be named with a http URI,
> and accessed with a "web browser" -- PLUS "embedded content" in the
> webpages which the user is accessing -- PLUS accompanying things like
> WEBDAV abilities to edit that data documents.
> 
> I.e. "the web" is for me a subset of what you think is the web.

The Web is an information space, not limited to any protocol or
format (so, URI is closer to the definition than HTTP). As I
understand it, this is more or less the W3C definition.


I know that wiser heads than mine will consider this incorrect, but
my belief is that a port allocation's semantics are limited to a
reasonable expectation that a particular wire protocol will be
spoken.

It may be operationally convenient to make assumptions about what
services are used over a particular protocol, but imposing policy,
applying heuristics or inferring security based on port is unwise at
best, as has been noted.

This, IMHO, is especially true for generalised transfer protocols
(*TPs). Do we consider valid users of the FTP ports to only be
human-driven FTP clients? May only MUAs or MTAs acting on their
behalf use port 25?

It's certainly true that people do impose policy, apply heuristics
and infer security from port 80, but I don't think this should be
encouraged or codified. If we went down that path, it would restrict
the 'valid' uses of HTTP, somewhat paradoxically (based on the
definition above) limiting the uses of the Web as well.

(Note the fine line being walked - I agree with Keith's motivation to
warn people about the possibility of these things when they use HTTP
as a substrate).

Now to catch up on the jetlag...

-- 
Mark Nottingham, Research Scientist
Akamai Technologies (San Mateo, CA USA)

Received on Friday, 10 August 2001 23:47:12 UTC