Re: something I don't get about the current plan...

On Sun, Nov 17, 2013 at 02:34:07PM -0800, Roberto Peon wrote:
> That is fairly sad. I was able to do this with a shell script and 20
> seconds of thought the other day.
> In any case, I think that Mike was talking about the ability of a properly
> implemented endpoint to traverse the internet reliably.

I know a number of places (mostly in corporate environments) where you
can't openly access 443 until the site is white-listed. So the benefit
is not on this specific point.

What is interesting however is that most of the time the port is open
to *somewhere*, directly, via an MITM box or via a filtering proxy
which rejects the access. So in almost all cases we can get a quick
response on 443 with a certain confidence. For example, an MITM box
will not blindly advertise HTTP/2.0 with ALPN in the handshake if it
is not aware of this new protocol.

So I'd say that you can trust better what you *see* on port 443 than
what you *see* on 80, which in turn has far more chances of being
opened and respond quickly than a new port, while being less


Received on Monday, 18 November 2013 05:20:33 UTC