- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 7 Jan 2002 12:48:40 -0800
- To: Mark Baker <distobj@acm.org>
- Cc: Henrik Frystyk Nielsen <henrikn@microsoft.com>, Krishna Sankar <ksankar@cisco.com>, xml-dist-app@w3.org
IIRC this was discussed at the F2F as well. Defining a new port gets us into the morass of defining what an HTTP application is, what the semantics of a port are, etc. I would strongly urge the group not to pursue this; although it seems like a good/friendly thing to do, it encourages people to trust (or not trust) traffic by port, which is unrealistic and dangerous. On Mon, Jan 07, 2002 at 12:43:02PM -0500, Mark Baker wrote: > > IIRC, we decided [3] to keep the port and have a security section in the > > HTTP binding section warning about the dangers of using SOAP over HTTP > > in general and in particular about the port issue. > > It looks like at that f2f, Mark's "Proposal One" was adopted; > > Dedicate a sizeable portion of text warning of the dangers of using > the default port, and encouraging the use of an alternate port when > possible. > > Which is great from my POV. But I don't think that precludes us > defining an alternate port in the default HTTP binding that folks can > use in place of 80. But I don't have strong feelings one way or the > other. It would only be for convenience. > > MB > -- > Mark Baker, Chief Science Officer, Planetfred, Inc. > Ottawa, Ontario, CANADA. mbaker@planetfred.com > http://www.markbaker.ca http://www.planetfred.com > -- Mark Nottingham http://www.mnot.net/
Received on Monday, 7 January 2002 15:48:43 UTC