httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: SSL + name based virtual hosting
Date Tue, 21 Dec 2004 04:14:48 GMT
Enrico Weigelt wrote:
> * William A. Rowe, Jr. <> wrote:
> <snip>
>>spells out methods that the server can -insist- that an upgraded
>>connection is used, and the client can instigate an upgraded
>>connection as well even if the server doesn't require it.
>>But under no conditions is https:// valid for an upgraded
>>connection.  The connection never left port 80.  The scheme
>>http:// describes a connection to (default) port 80 started 
>>as clear text, while the https:// scheme describes an explicit 
>>SSL connection to (default) port 443.  Upgrade is an addendum
>>to the http:// scheme.
> What fools are sitting there in the IETF ?!
> Couldn't they just define a new protocol (probably running on its
> own port) which allows specifying additional headers *before*
> SSL handshake starts or another SSL version, which allows passing
> additional info from client->server before certs are exchanged/checked ?
> Life could be so easy this way - probably too easy ...
> Well, that were the same folks who invented IPSEC, which is not 
> NAT'able.
> It seems its the "we have enough IP addresses"-sickness ...
> ... its time to completely redesign HTTP ...

There's a well-known solution to this issue: STARTTLS. When you've 
written the RFCs and persuaded everyone to adopt them, let us know.


"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

View raw message