httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Upcoming 'Upgrade' draft
Date Fri, 16 Jul 1999 17:49:39 GMT
Rodent of Unusual Size wrote:
> 
> This may be old news, but it was new to me..
> 
> At the Security Area open meeting yesterday at IETF-45, Rohit Khare mentioned
> an upcoming draft defining an extension permitting a transaction to
> open with HTTP, and then 'upgrade' to something like HTTPS.  As I
> recall, the user agent would make an 'OPTIONS *' request with an
> 'Upgrade: https' header field, and if the response indicated an
> upgrade were possible, the user agent and server could negociate
> to switch to HTTPS.  Or whatever.

"negotiate" dammit!

> I have have totally hashed this (it's a day later with not enough
> sleep intervening), but I think the idea was to break the
> HTTPS/port443 (and similar) forced association.

Yep, it has been mandated that using ports to choose SSL/TLS is a Bad
Thing, and the upgrade should done "inline".

There's a similar thing for SMTP, too.

> Well, anyway, it sounded kinda cool.  FWIW.

Not entirely convinced, but I buy the port bloat argument.

Cheersm

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Mime
View raw message