W3C home > Mailing lists > Public > ietf-tls@w3.org > January to March 1997

Re: IP Ports vs. Negotiation

From: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>
Date: Mon, 10 Feb 97 13:52:42 -0800
Message-Id: <199702102152.NAA13215@imo.plaintalk.bellevue.wa.us>
To: Mark Shuttleworth <marks@thawte.com>
cc: Paul Foster <pfoster@ml.com>, ssl-talk@netscape.com, ietf-tls@w3.org

> > Doesn't SSL/TLS over HTTP (aka HTTPS) set a precedent by using
> > port 443instead of 80? Shouldn't this issue be resolved by
> > now?

Considering SSL/TLS is being proposed for protocols other
than HTTP, no. Several existing protocols perform security
negotiation over the same port and predate SSL/TLS. There are
proposals that predate the SSL/TLS proposal and have their own
momentum, such as draft-myers-auth-sasl-07.txt, last
revised December 1996.

> Yes it does,  but it's not so bad.
>   1. HTTP *has* to be as lightweight as possible.  If you used a trigger
>      like I just described you'd add another round trip at least.

Finally. A reasonable technical argument to support port
mirrors, but only for protocols such as http. :)

>   2. The core part of the HTTP request comes on the first command from the
>      client to the server (the "GET" or "POST" or "PUT" etc.) so there's
>      not that much room to squeeze a trigger in.
> For a critical, fast, lightweight protocol like HTTP even the
> purists can probably make an exception ;-)

Received on Monday, 10 February 1997 16:51:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC