[whatwg] web-apps - TCPConnection from Michael Gratton on 2005-10-17 (public-whatwg-archive@w3.org from October 2005)

From: Michael Gratton <michael@quuxo.com>
Date: Mon, 17 Oct 2005 19:06:59 +0930
Message-ID: <1129541819.32668.31.camel@localhost.localdomain>

On Mon, 2005-10-17 at 05:27 +0000, Ian Hickson wrote:
> It's not intended to use port 80 only; where does it say that? That's an
> error. It is intended to be usable on ports 80, 443, and anything greater
> than 1024. (80 and 443 to attempt to tunnel out of psychotic firewalls,

ObFirewallsExistForAReasonRant: But then you are trying to subvert the
entire point of the firewall in the first place, which is just going to
annoy network admins. If they don't already have a proxy in place they
will put one in pretty quick. XML-RPC and SOAP constitute similar
annoyances.

As soon as there is a proxy in the way, these TCP connections over port
80 and 443 will break. Many ISPs use transparent proxies for all HTTP
traffic anyway, so (admittedly without any sort of figures to back this
up) it is likely that many, if not most attempts to open a non-HTTP TCP
connection on port 80 and 443 will just not work.

If the spec allows connections on 80 or 443, then it will encourage
developers to use those ports. For anyone behind a firewall they likely
won't be able to use it anyway and those that are behind a transparent
proxy will wonder why it doesn't work, even through they do not have a
web browser configured to use a proxy.

I would suggest the spec should just require all connections be made on
ports above 1024. It will make it clear to people behind a firewall that
they will need to get a hole made to use the web app and avoids the
problem with transparent proxies.

(Not to mention that overloading those two ports with a new protocol is
pretty poor form in general, anyway.)

/Mike

--
Michael Gratton, Software Architect.
Quuxo Software <http://web.quuxo.com/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20051017/766d6663/attachment.pgp>

Received on Monday, 17 October 2005 02:36:59 UTC