- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 1 Dec 2010 09:45:09 -0800
- To: William A. Rowe Jr. <wrowe@rowe-clan.net>
- Cc: Hybi HTTP <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>

On Dec 1, 2010, at 1:30 AM, William A. Rowe Jr. wrote:

> On 11/26/2010 6:55 AM, Greg Wilkins wrote:
>>
>> And do you get similar feeling to think about using the CONNECT method
>> to establish tunnels for arbitrary protocols?
>
> CONNECT suffers from the same issues you identify is deploying a new port.
> Namely, http servers will reject those requests. Leveraging CONNECT
> successfully would require additional HTTP-level authentication to identify
> users and prevent abuse (as most proxies do). Restructuring the internet,
> whether it is adding a new port to unblock, or permitting specific classes
> of CONNECT traffic, would be a similar battle.

Perhaps more to the point, CONNECT is a method that is only allowed
to be sent to a client-side proxy server. Deliberately sending it in
other HTTP messages would be a violation of its method semantics and
the HTTP/1.1 syntax (because its unusual target syntax is only allowed
when sent to a proxy).

....Roy

Received on Wednesday, 1 December 2010 17:45:39 UTC
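
The rule stated in the message above, as an added example that is not part of the original thread: a request-line check for an HTTP server that is not acting as a proxy, which refuses CONNECT and the `host:port` target form that only CONNECT may use. The function names, the sample hosts and the choice of 405 for a well-formed CONNECT are assumptions of this example.

```python
import re

# host:port and nothing else (no scheme, path or userinfo); IPv6 literals in brackets
_AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$")
_ABSOLUTE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def target_form(target):
    """Classify an HTTP/1.1 request-target by its syntax alone."""
    if target == "*":
        return "asterisk"
    if target.startswith("/"):
        return "origin"
    if _ABSOLUTE.match(target):
        return "absolute"
    m = _AUTHORITY.match(target)
    if m and 0 < int(m.group(2)) <= 65535:
        return "authority"
    return "invalid"


def origin_server_verdict(request_line):
    """Return (status, reason) for a request line seen by a non-proxy server.

    200 here only means "hand over to normal request handling".
    """
    parts = request_line.rstrip("\r\n").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, "malformed request line"
    method, target, _version = parts
    form = target_form(target)
    if form == "invalid":
        return 400, "unrecognised request-target"
    # The host:port form and CONNECT belong together; one without the
    # other is a syntax error regardless of who receives it.
    if (form == "authority") != (method == "CONNECT"):
        return 400, "authority-form target and CONNECT must be used together"
    if method == "CONNECT":
        # Assumption of this example: a server that does not tunnel answers 405.
        return 405, "CONNECT is addressed to proxies; this server does not tunnel"
    if form == "asterisk" and method != "OPTIONS":
        return 400, "'*' target is only valid with OPTIONS"
    return 200, "pass to normal request handling"
```
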