- From: Bob Beck <beck@cs.ualberta.ca>
- Date: Mon, 10 Feb 1997 15:01:41 -0700 (MST)
- To: marks@thawte.com (Mark Shuttleworth)
- Cc: pfoster@ml.com, ssl-talk@netscape.com, ietf-tls@w3.org
> > > > Doesn't SSL/TLS over HTTP (aka HTTPS) set a precedent by using port 443 > > instead of 80? Shouldn't this issue be resolved by now? > > Yes it does, but it's not so bad. > > 1. HTTP *has* to be as lightweight as possible. If you used a trigger > like I just described you'd add another round trip at least. > > 2. The core part of the HTTP request comes on the first command from the > client to the server (the "GET" or "POST" or "PUT" etc.) so there's > not that much room to squeeze a trigger in. Sure there is, you just send a modified request rather than sending the same request to a modified port. However this means the http spec people who write the http standards, and all the browser writers who make their own up have to be brought into the equation to change the world "just because". It'll be a bit cold underfoot when that happens > > For a critical, fast, lightweight protocol like HTTP even the purists > can probably make an exception ;-) > Well, that and unlike telnet, it usually isn't supposed to be used to allow high level access to your system :-) Notwithstanding that It's already here and therefore would be damn near impossible to change. That fact doesn't mean you need to do this for other protocols (like telnet, ftp, etc) where you can easily do it with negotiation, Particularly considering there are already implementations that will do this for you. -Bob
Received on Monday, 10 February 1997 17:00:53 UTC