
Re: [hybi] Redesigning the Web Socket handshake




On Feb 5, 2010, at 12:23 AM, Lars Eggert wrote:

Hi,

On 2010-2-4, at 11:52, Martin J. Dürst wrote:
On 2010/02/02 8:47, Ian Hickson wrote:

* Using ports 81/815 instead of 80/443 would be ideal, but IANA said that
 if we look like HTTP, we must use ports 80/443.

I'm trying to find out from IANA if this is really what the IANA Expert Reviewer said. There might have been a misunderstanding here.

Well, the port space is pretty crowded these days. But IANA is not going
to tell the *IETF* that they need the same ports as another protocol in
case the IETF decides that it needs different ports. IANA's job
description, for the protocol registries, is essentially: Register
everything the IETF tells you, the way they tell you.

IANA assumes that requests coming through the IETF have been more carefully vetted than port requests that arrive from elsewhere, so there is no Expert Review for those, because the IETF process should have eliminated/corrected nonsensical requests before they hit IANA.

So for the moment, please assume that if we (as an IETF WG, followed by
IETF last call) decide that we need new ports, IANA will try their best
to give us new ports. The exact number may be treated as a detail.

Yes.

Notwithstanding what IANA may say, sharing the standard HTTP and HTTPS ports is rather useful for getting through firewalls. Even if they were not the defaults, I bet a lot of people would manually choose 443 in particular. Given this, we really want to make the protocol look enough like HTTP that you can share that port on the same host between HTTP and WebSocket. If there was no need to look anything like HTTP, we could use a handshake that's much more secure in the face of cross-protocol attacks.

Regards,
Maciej


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.