On Thu, 16 Jul 2009, Mark Nottingham wrote:
>
> So, to be clear, the only time the byte-for-byte HTTP handshake is used
> is when it's over a TLS tunnel via CONNECT (i.e., it's not used to set
> up the tunnel, but only once it's established)?

It's used whenever the client thinks it has a connection to the
destination HTTP or WebSocket server, whether that's over TLS or not.

If it _knows_ that it is talking to a proxy, then it does the CONNECT
thing first (or whatever is appropriate; SOCKS proxies are preferred).

If it thinks it is talking to the destination server but is being
intercepted by a man-in-the-middle proxy, e.g. when it tries to connect
over port 80 without knowing of any proxies (not a recommended practice,
but it could happen), then you run into the problem that Adrian and I are
discussing in the separate branch of this thread.

> If that's the case, should be no problem. A bit weird, though; speaking
> two protocols on the same port isn't really good practice...

Indeed, that's why it has (well, will have, they're not registered yet)
its own ports. On the long term, I would hope that we could just use
those, and not have to worry about HTTP at all. We're not there yet.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
