httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: SSL + name based virtual hosting
Date Tue, 21 Dec 2004 04:14:48 GMT
Enrico Weigelt wrote:
> * William A. Rowe, Jr. <wrowe@rowe-clan.net> wrote:
> 
> <snip>
> 
>>http://www.ietf.org/rfc/rfc2817.txt
>>
>>spells out methods that the server can -insist- that an upgraded
>>connection is used, and the client can instigate an upgraded
>>connection as well even if the server doesn't require it.
>>
>>But under no conditions is https:// valid for an upgraded
>>connection.  The connection never left port 80.  The scheme
>>http:// describes a connection to (default) port 80 started 
>>as clear text, while the https:// scheme describes an explicit 
>>SSL connection to (default) port 443.  Upgrade is an addendum
>>to the http:// scheme.
> 
> 
> What fools are sitting there in the IETF ?!
> Couldn't they just define a new protocol (probably running on its
> own port) which allows specifying additional headers *before*
> SSL handshake starts or another SSL version, which allows passing
> additional info from client->server before certs are exchanged/checked ?
> Life could be so easy this way - probably too easy ...
> 
> Well, that were the same folks who invented IPSEC, which is not 
> NAT'able.
> 
> It seems its the "we have enough IP addresses"-sickness ...
> 
> 
> ... its time to completely redesign HTTP ...

There's a well-known solution to this issue: STARTTLS. When you've 
written the RFCs and persuaded everyone to adopt them, let us know.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message