Re: Port 80 deprecation

Paul Vixie <paul@redbarn.org> Thu, 03 June 2021 04:12 UTC

Date: Thu, 03 Jun 2021 04:05:15 +0000
From: Paul Vixie <paul@redbarn.org>
To: "Soni L." <fakedme+http@gmail.com>
Cc: ietf-http-wg@w3.org
Subject: Re: Port 80 deprecation
Archived-At: <https://www.w3.org/mid/20210603040515.qqigadhzrzdbozxu@family.redbarn.org>

On Wed, Jun 02, 2021 at 11:54:55PM -0300, Soni L. wrote:
> On 2021-06-02 11:15 p.m., Paul Vixie wrote:
> > TCP/80 will remain in use for vm-internal and hypervisor-scale APIs
> > for much longer than 50 years. it's nice that we have a null-crypto
> > option on TCP/443 now, but negotiating that across shared silicon when
> > the endpoints all share a von neumann domain is complexity we would
> > never be grateful for. it may also have a long life on disconnected
> > LANs.
>
> Have you heard of asymmetric PAKE (TLS-SRP)? It's kinda, perfect for LAN
> (and by extension VM-internal/hypervisor-scale). Would be great to
> replace TCP/80 with PAKEs on TCP/443 and UDP/443.

forgive me for referring to it informally as "a null-crypto option on
TCP/443" above. but yes, i know about that.

> There are definitely enough paths for the deprecation of TCP/80. We just
> have to use them. Less error prone than DIY CA and doesn't involve
> configuring null-crypto.

non-upgradable devices will never go out of style. this installed base is
not subject to deprecation pressure. industrial control systems are far less
tractable than web browsers.

the analogue to this is IPv4. at some point the IETF said, everybody should
switch to IPv6, and to facilitate that, there will be no more protocol
enhancement actions to IPv4. if you want to innovate, do it in IPv6.

we could say that about TCP/80. but we won't be taken seriously if we use the
word "deprecate".

-- 
Paul Vixie