Re: Port 80 deprecation

On Wed, Jun 02, 2021 at 11:54:55PM -0300, Soni L. wrote:
> On 2021-06-02 11:15 p.m., Paul Vixie wrote:
> > TCP/80 will remain in use for vm-internal and hypervisor-scale APIs
> > for much longer than 50 years. it's nice that we have a null-crypto
> > option on TCP/443 now, but negotiating that across shared silicon when
> > the endpoints all share a von neumann domain is complexity we would
> > never be grateful for. it may also have a long life on disconnected
> > LANs.
>
> Have you heard of asymmetric PAKE (TLS-SRP)? It's kinda, perfect for LAN
> (and by extension VM-internal/hypervisor-scale). Would be great to
> replace TCP/80 with PAKEs on TCP/443 and UDP/443.

forgive me for referring to it informally as "a null-crypto option on
TCP/443" above. but yes, i know about that.

> There are definitely enough paths for the deprecation of TCP/80. We just
> have to use them. Less error prone than DIY CA and doesn't involve
> configuring null-crypto.

non-upgradable devices will never go out of style. this installed base is
not subject to deprecation pressure. industrial control systems are far less
tractable than web browsers.

the analogue to this is IPv4. at some point the IETF said, everybody should
switch to IPv6, and to facilitate that, there will be no more protocol
enhancement actions to IPv4. if you want to innovate, do it in IPv6.

we could say that about TCP/80. but we won't be taken seriously if we use the
word "deprecate".

-- 
Paul Vixie

Received on Thursday, 3 June 2021 04:05:53 UTC