[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP

I don't see what you mean by 'originally intended'.

Back in 1992 I was looking at the use of HTTP to control a physics experiment. The idea that the Web was simply a publication tool had not yet taken hold. At the time we had less than 100 Web users. So I think it counts as original intent.


>From a security point of view I am much more interested in improving the security of the Internet, rather than an Internet architecture that is likely to be ignored as impractical.

If we tell people not to use port 80 they will simply ignore us and use port 80 anyway. When Java first appeared on the Web I tried to persuade Gosling that Java content should be tagged application/java and not try to bypass content firewalls by tagging itself application/data. He ignored me even though it would have cost nothing to make the change at that point.

If on the other hand we give people a mechanism that they can use and which provides them with real benefits over raw port 80 we can persuade them down that route. A platform designer is not going to prevent Web Services being deployed on port 80 no matter what the IAB says. But a platform designer could possibly be persuaded to implement a Web Service connect call that employed the SRV mechanism by default, thus taking advantage of the load sharing capabilities it offers.


> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke at gmx.de] 
> Sent: Tuesday, October 09, 2007 11:47 AM
> To: Hallam-Baker, Phillip
> Cc: Chris.Newman at Sun.COM; Hannes Tschofenig; 
> apps-REVIEW at ietf.org; keyprov at ietf.org
> Subject: Re: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP 
> Binding for DSKPP
> 
> Hallam-Baker, Phillip wrote:
> > ...
> >> However, I will observe that the IETF WebDAV family of 
> protocols has 
> >> gone in a quite different direction from the SOAP over HTTP web 
> >> services protocols.  So our use of port 80 is already not in sync 
> >> with the rest of the web services world.
> > 
> > WebDav started a long time ago, well before anyone was 
> talking about SOAP or Web Services as a stack.
> > ...
> 
> I guess part of the problem is to distinguish between protocols that
> *use* HTTP the way it was designed to be used (auch as WebDAV or
> AtomPub) from protocols that just use HTTP as a transport 
> layer (SOAP & friends).
> 
> Both WebDAV and AtomPub both use HTTP to edit/author HTTP resources. 
> IMHO there's no point in running these operations on a 
> different port from the one the resulting resources can be 
> retrieved from.
> 
> Best regards, Julian
> 


_______________________________________________
APPS-REVIEW mailing list
APPS-REVIEW at ietf.org
https://www1.ietf.org/mailman/listinfo/apps-review