- From: Roy T. Fielding <fielding@kiwi.ics.uci.edu>
- Date: Tue, 06 Jan 1998 21:53:36 -0800
- To: Richard Gray <rlgray@us.ibm.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
In message <5040300010707145000002L052*@MHS>, Richard Gray writes: >I am having some problems in finding appropriate documentation on how the HTTP >1.1 MUST requirement for absolute URI is implemented when using secure sockets >layer (SSL). > >The question is what I should expect as an origin server in the absolute URL. > >The href in the HTML document the origin server sends to the browser would >typically have an https://hostname/path coded to indicate to the browser to use >SSL, but what is the absolute URL that the origin server would receive in this >case? > >Is it: >...... http://hostname/path > >or : >..... https://hostname/path The https URL. >If the href were coded as http://hostname:443/path, it would be unambiguous. Not really -- that is an unambiguous URL for an http namespace. Keep in mind that the scheme describes the namespace, not the protocol, and so that URL describes the name "/path" for the "http" name resolver at the network server hostname and TCP port 443. That server might be able to respond using either SSL or raw HTTP, though hopefully not for the same resources. >If it is https that would be received, then I hope we can add such a comment >to the HTTP RFC, or else clarify that in the URL replacement RFC. At some point there will need to be an "http" and "https" URL document. ....Roy
Received on Tuesday, 6 January 1998 22:09:55 UTC