On Tue, May 3, 2011 at 08:09, Dirk-Willem van Gulik <[email protected]> wrote:
> a) Make SSL only the default (ideally with client cert on as well). Sounds good to me. > b) Postulate that one port lower there is an optional HTTP port (OFF, or > tied to localhost). The IETF _strongly_ prefers STARTTLS over separate TLS/non-TLS ports. If you ever want to get an IANA assignment, you are pretty much required to support STARTTLS unless you are working with legacy protocols. Using STARTTLS and requiring TLS by default seems like a good option for the medium term, to me. Richard _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
