* William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: <snip> > http://www.ietf.org/rfc/rfc2817.txt > > spells out methods that the server can -insist- that an upgraded > connection is used, and the client can instigate an upgraded > connection as well even if the server doesn't require it. > > But under no conditions is https:// valid for an upgraded > connection. The connection never left port 80. The scheme > http:// describes a connection to (default) port 80 started > as clear text, while the https:// scheme describes an explicit > SSL connection to (default) port 443. Upgrade is an addendum > to the http:// scheme.
What fools are sitting there in the IETF ?! Couldn't they just define a new protocol (probably running on its own port) which allows specifying additional headers *before* SSL handshake starts or another SSL version, which allows passing additional info from client->server before certs are exchanged/checked ? Life could be so easy this way - probably too easy ... Well, that were the same folks who invented IPSEC, which is not NAT'able. It seems its the "we have enough IP addresses"-sickness ... ... its time to completely redesign HTTP ... cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service phone: +49 36207 519931 www: http://www.metux.de/ fax: +49 36207 519932 email: [EMAIL PROTECTED] cellphone: +49 174 7066481 --------------------------------------------------------------------- -- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops -- ---------------------------------------------------------------------
