Re: Port 80 deprecation

Willy Tarreau <w@1wt.eu> Thu, 03 June 2021 03:30 UTC

On Wed, Jun 02, 2021 at 11:54:55PM -0300, Soni L. wrote:
> 
> 
> On 2021-06-02 11:15 p.m., Paul Vixie wrote:
> > On Thu, Jun 03, 2021 at 12:23:08AM +0000, Adrien de Croy wrote:
> > > 
> > > Let's not get ahead of ourselves.
> > > 
> > > Port 80 is still heavily used.
> > > 
> > > Suggest revisiting this idea in maybe 50 years.
> >
> > TCP/80 will remain in use for vm-internal and hypervisor-scale API's
> > for much longer than 50 years. it's nice that we have a null-crypto
> > option on TCP/443 now, but negotiating that across shared silicon when
> > the endpoints all share a von neumann domain is complexity we would
> > never be grateful for. it may also have a long life on disconnected
> > LANs.
> >
> > so, +2.
> >
> Have you heard of asymmetric PAKE (TLS-SRP)? It's kinda, perfect for LAN
> (and by extension VM-internal/hypervisor-scale). Would be great to
> replace TCP/80 with PAKEs on TCP/443 and UDP/443.

You seem to be in favor of purposely ignoring 30 years of deployed
components, applications and contents that are readily available and
working fine and that don't need to be trashed every single time a
new protocol extension suggests it could work for them.

I know that destroying human-created digital contents will be the
specificity of the 21st century but I don't see any compelling reason
for accelerating this (sad) trend. What is accessible can remain
accessible for as long as there are people interested in it.

Instead maybe you should write an article recommending the use of TLS-SRP
for a number of use cases where you think it will provide a benefit
over using port 80 (or clear communication over any other port), but
I think you'll have to orient it towards "if you were considering
deploying over 80 to avoid the hassle of configuring and managing
TLS, there's another option that might work for you".

Regards,
Willy