On Tue, Feb 10, 2009 at 4:31 PM, Mark Nottingham <m...@yahoo-inc.com> wrote: > Well, the authority is host + port; common sense tells us that it's unlikely > that the same (host, port) tuple that we speak HTTP on is also going to > support SMTP or XMPP. I'm not saying that common sense is universal, > however.
These assumptions are often violated in attack scenarios, especially by active network attackers who are very capable of hiding the honest https://example.com server behind a spoofed http://example.com:443 server. Adam