Hiya,

On 10/03/2020 19:11, Paul Vixie wrote:
> On Tuesday, 10 March 2020 19:05:39 UTC Stephen Farrell wrote:
>> Paul,
>>
>> ...
>>
>> What's the difference between having a port number
>> as part of HTTPSSVC (or whatever we call it;-) in
>> the DNS and having a web page on 443 that includes
>> hrefs with https:// schemed URLs that are not using
>> port 443?
>
> technically, very little. practically, one of them doesn't solve the problem
> addressed by ANAME, and the other does.

Sorry, let me try again.

HTTPSSVC might include a port option or not. If it does,
then traffic will use that as the destination port. If it
does not, and someone prefers not to use 443 for their
server, they'll just do one more HTTP roundtrip. (They'll
likely need to support that HTTP 30x anyway for
non-HTTPSSVC aware clients).

ISTM the end result is the same traffic heading to the
non-443 destination port, but, in the 2nd case, with one
gratuitous interaction on port 443.

I don't get why that distinction is meaningful for the
operator of the network containing the browser, which is
where I understood your concern lies.

> so we can expect ubiquitous deployment
> for HTTPSSVC,

Browser support for https on other ports is already there
so not sure why that matters.

> with a non-modal knowledge spectrum among deployers.

I also don't understand what you mean by that last. (I do
have a guess, but not a confident one:-)

Cheers,
S.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop