- From: Mark Shuttleworth <marks@thawte.com>
- Date: Fri, 7 Feb 1997 10:59:51 +0200 (SAT)
- To: billo@server.net
- cc: chk@gnu.ai.mit.edu, ietf-tls@w3.org

Hiya

Most protocols have a clearly defined server response to unknown client requests (much like the HTML "if you don't know it ignore it" rule). IOW, if a news server gets a strange command from a client, the protocol says it must return with something like "500 Que?".

"nntps" just means "establish a secure news connection. fail if you cannot". Whether that secure connection goes to the same or a different port is immaterial. Saying that the same port is more subject to DOS attacks is silly: you wouldn't expect Navigator to connect to port 80 if port 443 failed, would you?

I think all:

- command oriented
- interactive

protocols (NNTP, SMTP, POP3, IMAP4 etc) can be upgraded to support TLS negotiation just by the addition of a single client command. Making the server be able to initiate secure session negotiation is harder because most of these protocols are client-driven.

But I'll comment further on Monday.

--
Mark Shuttleworth
Thawte Consulting

Received on Friday, 7 February 1997 04:00:34 UTC
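
The fail-closed behaviour the message describes (ask for the secure session with one client command, stop if the server answers "500 Que?"), as an added example that is not part of the original message. The command name `STARTTLS`, the reply code 382, the 200 greeting and the `handshake` callable are assumptions; the message names none of them.

```python
import io

class UpgradeRefused(Exception):
    """The server would not secure the session; the caller must stop here."""

# Assumptions: the message names neither the command nor its reply codes.
# STARTTLS and 382 are the values NNTP later standardised; treat them as placeholders.
UPGRADE_COMMAND = b"STARTTLS\r\n"
ACCEPT_CODE = 382

def read_reply(rfile):
    """Parse one 'NNN text' status line into (code, text)."""
    line = rfile.readline(514)
    if not line.endswith(b"\r\n") or not line[:3].isdigit():
        raise UpgradeRefused("malformed or truncated reply")
    return int(line[:3]), line[3:].strip().decode("ascii", "replace")

def open_secure(rfile, wfile, handshake):
    """Ask for the upgrade, then run `handshake`; never continue in plaintext."""
    greeting, _ = read_reply(rfile)
    if greeting // 100 != 2:
        raise UpgradeRefused(f"server not ready: {greeting}")
    wfile.write(UPGRADE_COMMAND)
    code, text = read_reply(rfile)
    if code != ACCEPT_CODE:
        # Covers the "500 Que?" case: a server that does not know the command.
        raise UpgradeRefused(f"{code} {text}")
    # Hypothetical hook: a real client would start the TLS handshake on the socket here.
    return handshake(rfile, wfile)

def demo(server_bytes):
    """Run open_secure against constructed server output; report what happened."""
    rfile, wfile = io.BytesIO(server_bytes), io.BytesIO()
    try:
        result = open_secure(rfile, wfile, lambda r, w: "tls-session")
    except UpgradeRefused as exc:
        result = f"refused: {exc}"
    return result, wfile.getvalue()

if __name__ == "__main__":
    # Constructed transcripts: one server that knows the command, one that does not.
    print(demo(b"200 news ready\r\n382 go ahead\r\n"))
    print(demo(b"200 news ready\r\n500 Que?\r\n"))
```

On refusal the client raises instead of carrying on over the unprotected connection, which is the "fail if you cannot" rule applied to an in-band upgrade.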