Re: Upgrade status for impl draft 1

Eliot Lear <lear@cisco.com> Thu, 28 February 2013 07:33 UTC

Message-ID: <512F07D5.7040107@cisco.com>
Date: Thu, 28 Feb 2013 08:31:33 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: Amos Jeffries <squid3@treenet.co.nz>
CC: ietf-http-wg@w3.org
References: <B0FC9D1E-08EF-4275-9851-C8F33F24FF00@mnot.net> <CAA4WUYgGD2XWRH0xXYJOR7zY16hf2w+d4XTVk8_rx+DV5iG3Ug@mail.gmail.com> <512DA753.4040402@cisco.com> <CA+9kkMDYyWcOpHH+ngG4pQNhGu50ZafeBhBofTZiobj4nvCz3A@mail.gmail.com> <512E7E57.8040102@cisco.com> <CA+9kkMD_kzgzUvOOxvXSg_uj1TEcioNPwBhq694LwJ2VP3Q-NA@mail.gmail.com> <512EF20C.9030905@treenet.co.nz>
In-Reply-To: <512EF20C.9030905@treenet.co.nz>
Subject: Re: Upgrade status for impl draft 1
Archived-At: <http://www.w3.org/mid/512F07D5.7040107@cisco.com>

On 2/28/13 6:58 AM, Amos Jeffries wrote:

>
> Can we take a step back folks and outline _exactly_ what it is that
> needs protecting here?
>
>  - the datum responded by DNS?
>  - the HTTP channel?
>

The case we're talking about is where http://www.example.com:8080 and
https://www.example.com:4343 have the exact same content and services. 
You don't want a man in the middle to be able to force clients to 8080
when a more secure encrypted service is advertised.  One simple way
around this is not to have 8080 available for this purpose.  Otherwise,
you want to ensure the information you are getting from the DNS is
accurate and complete.  DNSSEC provides that capability.

Eliot
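The two defences in the reply above (never let an advertised plaintext port win over an advertised encrypted one, and only trust a DNS answer that DNSSEC has shown to be accurate and complete) written out as a client-side endpoint-selection policy. This is an added example, not code from the thread or from any implementation; the Endpoint/DnsAnswer record shapes, the choose_endpoint rules and the sample answers are assumptions, and the dnssec_validated flag stands in for the resolver's AD bit.

```python
from dataclasses import dataclass
from typing import List, Optional


# Constructed model of what a DNS lookup hands the HTTP client: the advertised
# endpoints plus whether the resolver validated the answer (AD bit). The record
# shape is hypothetical; the thread does not fix one.
@dataclass(frozen=True)
class Endpoint:
    scheme: str  # "https" or "http"
    port: int


@dataclass(frozen=True)
class DnsAnswer:
    host: str
    endpoints: List[Endpoint]
    dnssec_validated: bool


def choose_endpoint(answer: DnsAnswer,
                    known_secure: Optional[Endpoint] = None) -> Optional[Endpoint]:
    """Pick an endpoint without letting an on-path attacker downgrade the client.

    1. If an https endpoint is advertised, use it; never pick http while an
       https alternative exists in the same answer.
    2. If the client already knows a secure endpoint for this host, an answer
       that now omits it is stale or tampered: keep the known secure one.
    3. Accept a plaintext-only answer only when DNSSEC validated it, i.e. the
       absence of an https record is authenticated rather than a stripped RRset.
    4. Otherwise refuse instead of silently falling back to cleartext.
    """
    secure = [e for e in answer.endpoints if e.scheme == "https"]
    if secure:
        return secure[0]
    if known_secure is not None:
        return known_secure
    plain = [e for e in answer.endpoints if e.scheme == "http"]
    if plain and answer.dnssec_validated:
        return plain[0]
    return None


# Constructed sample answers for the scenario in the reply.
HOST = "www.example.com"
HTTPS = Endpoint("https", 4343)
HTTP = Endpoint("http", 8080)
HONEST = DnsAnswer(HOST, [HTTP, HTTPS], dnssec_validated=True)        # both advertised
STRIPPED_UNSIGNED = DnsAnswer(HOST, [HTTP], dnssec_validated=False)   # https removed in transit
PLAIN_ONLY_SIGNED = DnsAnswer(HOST, [HTTP], dnssec_validated=True)    # host really is http-only
```

With the honest answer the client lands on 4343; the unsigned answer that lost its https record yields no endpoint (or the previously known secure one), and only a validated plaintext-only answer is accepted as such.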