- From: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>
- Date: Mon, 10 Feb 97 13:52:42 -0800
- To: Mark Shuttleworth <marks@thawte.com>
- cc: Paul Foster <pfoster@ml.com>, ssl-talk@netscape.com, ietf-tls@w3.org
> > Doesn't SSL/TLS over HTTP (aka HTTPS) set a precedent by using > > port 443instead of 80? Shouldn't this issue be resolved by > > now? > Considering SSL/TLS is being proposed for protocols other than HTTP, no. Several existing protocols perform security negotiation over the same port and predate SSL/TLS. There are proposals that predate the SSL/TLS proposal and have their own momentum, such as draft-myers-auth-sasl-07.txt, last revised December 1996. > Yes it does, but it's not so bad. > > 1. HTTP *has* to be as lightweight as possible. If you used a trigger > like I just described you'd add another round trip at least. > Finally. A reasonable technical argument to support port mirrors, but only for protocols such as http. :) > 2. The core part of the HTTP request comes on the first command from the > client to the server (the "GET" or "POST" or "PUT" etc.) so there's > not that much room to squeeze a trigger in. > > For a critical, fast, lightweight protocol like HTTP even the > purists can probably make an exception ;-) > -dpg
Received on Monday, 10 February 1997 16:51:28 UTC