Re: Port 80 deprecation

From: Paul Vixie <paul@redbarn.org>
Date: Sat, 5 Jun 2021 18:07:30 +0000
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Toerless Eckert <tte@cs.fau.de>, ietf-http-wg@w3.org
Message-ID: <20210605180730.zc4reqk7zquu5xen@family.redbarn.org>

just be aware that i can't get a "localhost" certificate from an X.509 CA, and
that the overhead of running an in-house CA just to accomplish this unnecessary
purpose so that i can encrypt and decrypt data between processes who share a CPU,
is unthinkable. (the plaintext will be visible inside the process endpoints, so
there are literally not "on-path adversaries" to protect against.)

for web-style APIs inside a system image or hypervisor, TLS will mostly not be
used. where it is used, global/universal domain names and IP addresses will have
to be used (to get the X.509 CA system to work), or a private CA will be used.
this would be all cost no benefit, so, infinitely bad cost:benefit ratio. "nope."

HTTP over TCP/80 is forever. but we can say something else if politically nec'y,
but that outcome will not change. i've already had to avoid a GoLang SMTP module
which had no non-SMTPS outbound capability and so could not talk to my private
PostFix server. the TLS-uber-alles mantra is going to lead to some real trouble.

Paul Vixie
