I can see that's true in new protocols, but they can't be claiming
that http -> https upgrade works as needed, because that requires a
change to a huge number of clients.

Agree with Noah, it's probably just a rote response. Something about
'secure port' just niggles them, I guess.

B.

On Wed, Jan 5, 2011 at 9:09 PM, Paul Davis <[email protected]> wrote:
> Most odd. Your response looks good to me, but judging from the email
> you're responding to, they've already specifically said that reasoning
> is no longer considered. Perhaps you should ask which modern security
> protocols they're talking about and some pointers on where we might
> look for an "automagical upgrade" which I've never heard of before.
>
> On Wed, Jan 5, 2011 at 4:00 PM, Noah Slater <[email protected]> wrote:
>> I'd like to get some peer review on my response to IANA here.
>>
>> CouchDB is a special use-case of HTTP 1.1 as justified in my previous 
>> application for TCP 5984. It is, however, still bound by the common 
>> limitations of HTTP 1.1 over SSL/TLS. In theory, HTTP 1.1 provides a 
>> mechanism to upgrade an established connection to a secure one, but in 
>> practice this is very rarely used, or in fact, implemented.
>>
>> If you wish to use HTTP 1.1 over SSL/TLS in a way that is compatible with 
>> current clients and libraries, it is necessary to use a dedicated port for 
>> this. Because it is anticipated that users will want to host non-secure and
>> secure CouchDB databases on the same server, we are therefore requesting a
>> secure port, similar to TCP 443.
>>
>> On 24 Dec 2010, at 16:51, Pearl Liang via RT wrote:
>>
>>> Dear Noah Slater:
>>>
>>> Thank you for your patience.  We received the following question for you:
>>>
>>> -----
>>>
>>>  Please justify and explain why a separate port number would be needed
>>>  for a secure version of the protocol? IANA does not anymore anticipate
>>>  allocating separate ports for secure versions as this is no longer
>>>  necessary with modern security protocols. Same holds for new
>>>  versions of the protocol (a version number should be included).
>>>
>>> -----
>>>
>>> When we receive your reply, we will continue the processing of
>>> the request.
>>>
>>> Thank you,
>>>
>>> Pearl Liang
>>> ICANN/IANA
>>>
>>> On Tue Dec 14 11:08:43 2010, pearl.liang wrote:
>>>> On Sat Dec 04 00:04:28 2010, [email protected] wrote:
>>>>>
>>>>> On 3 Dec 2010, at 22:36, Pearl Liang via RT wrote:
>>>>>
>>>>>> Dear Noah Slater:
>>>>>>
>>>>>> Thank you for your submission for a user port number.
>>>>>>
>>>>>> Can you please provide the current spec for the following?
>>>>>>
>>>>>>> Message Formats :
>>>>>>> See TCP 5984.
>>>>>>>
>>>>>>> Message Types :
>>>>>>> See TCP 5984.
>>>>>>>
>>>>>>> Message opcodes :
>>>>>>> See TCP 5984.
>>>>>>>
>>>>>>> Message Sequences :
>>>>>>> See TCP 5984.
>>>>>>>
>>>>>>> Protocol functions :
>>>>>>> See TCP 5984.
>>>>>
>>>>> Sure, CouchDB uses HTTP 1.1 as defined in RFC 2616.
>>>>>
>>>>> The rationale for why CouchDB needs a distinct port from 80 was given
>>>>>   in the application for TCP 5984. To summarise: TCP 80 is defined as
>>>>>   HTTP for the World Wide Web, and CouchDB is a specialised
>>>>>   application of HTTP that is commonly expected to run in parallel
>>>>>   with a traditional web server. This same rationale should justify
>>>>>   the application for a TLS/SSL port variation.
>>>>>
>>>>>> The information is required to be reviewed by the current expert
>>>>>> review team designated by IESG.
>>>>>
>>>>> Thank you.
>>>>>
>>>>
>>>> ***ORIGINAL TEMPLATE***
>>>> On Fri Dec 03 05:47:41 2010, [email protected] wrote:
>>>>>
>>>>> Application for User Registered Port Number
>>>>>
>>>>> Name :
>>>>> Noah Slater
>>>>>
>>>>> E-mail :
>>>>> [email protected]
>>>>>
>>>>> Protocol Number :
>>>>> TCP
>>>>>
>>>>> Message Formats :
>>>>> See TCP 5984.
>>>>>
>>>>> Message Types :
>>>>> See TCP 5984.
>>>>>
>>>>> Message opcodes :
>>>>> See TCP 5984.
>>>>>
>>>>> Message Sequences :
>>>>> See TCP 5984.
>>>>>
>>>>> Protocol functions :
>>>>> See TCP 5984.
>>>>>
>>>>> Broadcast or Multicast used ?
>>>>> no
>>>>>
>>>>> How and what for Broadcast or Multicast is used (if used):
>>>>>
>>>>>
>>>>> Description :
>>>>> This port will be for CouchDB HTTP traffic over an SSL connection.
>>>>>   CouchDB traffic is currently assigned to TCP 5984 by IANA. Due to
>>>>>   Host restrictions inherent to the HTTP protocol, SSL communications
>>>>>   need to use a different port number to differentiate them from non-
>>>>>   SSL communications from the same network address. Compare TCP 80
>>>>>   and TCP 443.
>>>>>
>>>>> Name of the port :
>>>>> CouchDB over TLS/SSL
>>>>>
>>>>> Short name of the port :
>>>>> couchdbs
>>>>>
>>>
>>>
>>
>>
>
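The in-band upgrade the thread refers to is the HTTP/1.1 "Upgrade: TLS/1.0" mechanism of RFC 2817. The following is an added example, not code from the thread or from CouchDB, sketching how a server sharing one port for both modes would have to answer; the host name and function names are assumptions made for illustration.

```python
# Added illustration (not from the thread): server-side decision logic for the
# HTTP/1.1 "Upgrade: TLS/1.0" mechanism of RFC 2817 on a single shared port.

def parse_headers(raw: bytes) -> dict:
    """Return request headers as a lower-cased name -> value dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def tokens(value: str) -> set:
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def offers_tls_upgrade(headers: dict) -> bool:
    """True only if the client sent both headers RFC 2817 requires."""
    return ("upgrade" in tokens(headers.get("connection", ""))
            and "tls/1.0" in tokens(headers.get("upgrade", "")))

def respond(raw: bytes, tls_required: bool) -> bytes:
    """Pick the status line and headers the shared-port server would send."""
    if offers_tls_upgrade(parse_headers(raw)):
        # Client understands the upgrade: TLS handshake follows on this socket.
        return (b"HTTP/1.1 101 Switching Protocols\r\n"
                b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
    if tls_required:
        # Client without upgrade support cannot continue on this port.
        return (b"HTTP/1.1 426 Upgrade Required\r\n"
                b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
    return b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"   # served in cleartext

# Constructed sample requests (hypothetical host name, CouchDB's port 5984).
LEGACY = b"GET /_all_dbs HTTP/1.1\r\nHost: db.example:5984\r\n\r\n"
UPGRADING = (b"OPTIONS * HTTP/1.1\r\nHost: db.example:5984\r\n"
             b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("legacy", LEGACY), ("upgrading", UPGRADING)):
        print(label, respond(req, tls_required=True).split(b"\r\n")[0].decode())
```

A client that never sends the Upgrade header gets 426 when TLS is mandatory, which is the compatibility gap the dedicated-port request is meant to avoid.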
