Re: [hybi] workability (or otherwise) of HTTP upgrade

Mark Nottingham <mnot@mnot.net> Wed, 08 December 2010 00:03 UTC

Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <ED92A0E0-F6F5-4049-900B-67AFF11B9425@apple.com>
Date: Wed, 08 Dec 2010 11:04:15 +1100
Content-Transfer-Encoding: quoted-printable
Message-Id: <002947D8-5CE7-4390-8907-B4BE1BE48B83@mnot.net>
References: <AANLkTin6=8_Bhn2YseoSHGh1OSkQzsYrTW=fMiPvYps1@mail.gmail.com> <20101126000352.ad396b9a.eric@bisonsystems.net> <AANLkTimzQyG4hugOvHqoNrBrZFA4fGbGXQ7MZ2i+68dO@mail.gmail.com> <BB947F6D-15AA-455D-B830-5E12C80C1ACD@mnot.net> <81870DB1-B177-4253-8233-52C4168BE99D@apple.com> <F4D1B715-3606-4E9A-BFB2-8B7BC11BE331@mnot.net> <57D4B885-B1D8-482F-8747-6460C0FFF166@apple.com> <37A00E8D-B55C-49AD-A85C-A299C80FFF17@mnot.net> <4F2580A7-79C2-4B0A-BCE5-7FB6D9AA0ED7@apple.com> <AANLkTimDtvq1+C2XPrzpEntSuRz-r183sifx3j7ojk4j@mail.gmail.com> <ED92A0E0-F6F5-4049-900B-67AFF11B9425@apple.com>
To: Maciej Stachowiak <mjs@apple.com>
X-Mailer: Apple Mail (2.1082)
Cc: hybi HTTP <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: [hybi] workability (or otherwise) of HTTP upgrade

On 07/12/2010, at 7:07 PM, Maciej Stachowiak wrote:

> It might be worth testing a new port (not 80 or 443 or any other well-known port) for success rate. It would also be worthwhile comparing TLS over port 443. It may be that 443 is the only option that gives a reasonable success rate.


+1, although I'd reiterate that defining a new default port would be a nice balance, in that people could still specify 443 in the URL, yet we wouldn't be explicitly promoting the circumvention of firewalls (which IMO isn't going to get past IETF review).

The problem with using port 80 is that it's a catch-22; using it gets you past most firewalls, because it has a well-known protocol on it, but because it has a well-known protocol on it, people interpose devices that make assumptions about the protocol being spoken. We can bend the protocol in lots of ways to try to work around that, but by nature it's going to be inexact and brittle to do so.

--
Mark Nottingham   http://www.mnot.net/
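The success-rate test Maciej proposes, and the port-80 brittleness Mark describes (interposed devices that assume plain HTTP), can be turned into a small probe. What follows is an added example, not code from this thread or from the hybi working group. It builds the HTTP Upgrade handshake in the form RFC 6455 later standardised (the Sec-WebSocket-Key / Sec-WebSocket-Accept exchange with the RFC's fixed GUID; the December 2010 drafts differed), and classifies whatever comes back into outcome labels that are this example's own assumptions: ok, downgraded, stripped, bad_accept, unparseable, unreachable. The sample replies are constructed to stand in for an origin server, a transparent proxy, a header-scrubbing middlebox and a non-HTTP reply; probe() is the only part that touches the network and is not called at import time.

```python
"""WebSocket HTTP Upgrade handshake builder and reply classifier.

Added example, not from the hybi thread. Handshake format per RFC 6455
(post-dates the 2010 discussion). Outcome labels are assumptions chosen
for this example.
"""
import base64
import hashlib
import os
import socket
import ssl

# GUID fixed by RFC 6455 section 4.2.2 for computing Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def make_key(rand: bytes = b"") -> str:
    """16 random bytes, base64-encoded, as the Sec-WebSocket-Key value."""
    return base64.b64encode(rand or os.urandom(16)).decode("ascii")


def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)), per RFC 6455."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode("ascii")).digest()).decode("ascii")


def build_request(host: str, port: int, path: str, key: str) -> bytes:
    """Client side of the handshake: a GET carrying the Upgrade/Connection headers."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}:{port}",
        "Upgrade: websocket",
        "Connection: Upgrade",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_response(raw: bytes):
    """Return (status code or None, lower-cased header dict) from a raw reply."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    try:
        code = int(parts[1])
    except (IndexError, ValueError):
        code = None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return code, headers


def classify(key: str, raw: bytes) -> str:
    """Map one reply to an outcome label (labels are this example's assumption).

    ok          101 with matching Accept: the upgrade survived the path
    downgraded  some other HTTP status: something answered as plain HTTP
    stripped    101 but the hop-by-hop Upgrade/Connection headers are gone
    bad_accept  101 whose Accept does not match our key
    unparseable not an HTTP response at all
    """
    code, headers = parse_response(raw)
    if code is None:
        return "unparseable"
    if code != 101:
        return "downgraded"
    if headers.get("upgrade", "").lower() != "websocket" or "upgrade" not in headers.get("connection", "").lower():
        return "stripped"
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return "bad_accept"
    return "ok"


def probe(host: str, port: int, use_tls: bool, path: str = "/", timeout: float = 5.0) -> str:
    """Send one handshake to host:port (optionally inside TLS) and classify the reply.

    This is the per-port success-rate test; it needs network access and is not
    run at import. Compare e.g. probe(h, 80, False), probe(h, 443, True), probe(h, 8080, False).
    """
    key = make_key()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if use_tls:
                sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
            sock.sendall(build_request(host, port, path, key))
            raw = b""
            while b"\r\n\r\n" not in raw and len(raw) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
            return classify(key, raw)
    except OSError:          # ssl.SSLError is a subclass of OSError
        return "unreachable"


# Constructed sample replies (not captured traffic); fixed key keeps Accept reproducible.
SAMPLE_KEY = make_key(b"\x00" * 16)
_ACCEPT = expected_accept(SAMPLE_KEY).encode("ascii")
SAMPLES = {
    "origin server": b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: " + _ACCEPT + b"\r\n\r\n",
    "transparent proxy on :80": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n",
    "header-scrubbing middlebox": b"HTTP/1.1 101 Switching Protocols\r\nSec-WebSocket-Accept: " + _ACCEPT + b"\r\n\r\n",
    "reset / garbage": b"\x15\x03\x01\x00\x02\x02\x28",
}


def run_samples() -> dict:
    """Classify each constructed sample; this is what the offline run shows."""
    return {name: classify(SAMPLE_KEY, raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(f"{name:28s} -> {outcome}")
```

Counting outcomes per port across many vantage points is the measurement the thread asks for; the interesting number is how often port 80 yields downgraded or stripped rather than ok, versus 443-with-TLS, where an intermediary cannot see the Upgrade header at all.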