Re: IP Ports vs. Negotiation

> > Doesn't SSL/TLS over HTTP (aka HTTPS) set a precedent by using
> > port 443instead of 80? Shouldn't this issue be resolved by
> > now?

Considering SSL/TLS is being proposed for protocols other
than HTTP, no. Several existing protocols perform security
negotiation over the same port and predate SSL/TLS. There are
proposals that predate the SSL/TLS proposal and have their own
momentum, such as draft-myers-auth-sasl-07.txt, last
revised December 1996.

> Yes it does,  but it's not so bad.
>   1. HTTP *has* to be as lightweight as possible.  If you used a trigger
>      like I just described you'd add another round trip at least.

Finally. A reasonable technical argument to support port
mirrors, but only for protocols such as http. :)

>   2. The core part of the HTTP request comes on the first command from the
>      client to the server (the "GET" or "POST" or "PUT" etc.) so there's
>      not that much room to squeeze a trigger in.
> For a critical, fast, lightweight protocol like HTTP even the
> purists can probably make an exception ;-)


Received on Monday, 10 February 1997 16:51:28 UTC