- From: Jon Hanna <jon@hackcraft.net>
- Date: Fri, 09 Mar 2007 15:34:11 +0000
- To: Jacek Kopecky <jacek.kopecky@deri.org>
- CC: Chris Wilper <cwilper@cs.cornell.edu>, Tim Berners-Lee <timbl@w3.org>, www-tag@w3.org
Jacek Kopecky wrote: > You say "application protocol" layer is cleanly defined in the IP stack, > and then you say that you can include SSL under another protocol (e.g. > under HTTP to get HTTPS). But then, on which layer is SSL? It's built on > top of TCP, but used under HTTPS just like TCP is used under HTTP. And > HTTPs is on the same layer as HTTP, I assume. I don't think that's a problem. If an application protocol acts like a transport protocol to what is above it then I don't think anything's broken. If SSL wasn't designed to be used as a transport protocol by what is above it, then that would be different. > So it seems to me that the two properties above collide in their > value2web fields, and frankly, I'd drop the first property, "clean layer > model", because I don't think it is. It may be a "simple layered model", > but I think that's the point of the second property. That HTTP doesn't need to know that it is sitting on top of SSL, TLS, TCP or something invented tomorrow seems like a clean model to me. The fact that HTTPS is defined and named differently I don't think is clean. (IIRC, it would now be against IESG policy to give it a different port number to HTTP and I understand [though my knowledge here isn't great, and I'll be dropping out of this thread once it's gone past blue-sky suggestions] that this isn't unrelated to the lack of cleanliness here).
Received on Friday, 9 March 2007 15:35:23 UTC