A recent Best Current Practices RFC well worth a read, whether or not
you agree with it:
http://ietf.org/rfc/rfc3205.txt
-----------------------------------
The Internet community has a long tradition of protocol reuse, dating
back to the use of Telnet [4] as a substrate for FTP [5] and SMTP
[6]. However, the recent interest in layering new protocols over
HTTP has raised a number of questions when such use is appropriate,
and the proper way to use HTTP in contexts where it is appropriate.
-------------------------------------
In particular:
-------------------------------------
9. Summary of recommendations regarding reuse of HTTP

   1. All protocols should provide adequate security. The security
      needs of a particular application will vary widely depending on
      the application and its anticipated use environment. Merely using
      HTTP and/or TLS as a substrate for a protocol does not
      automatically provide adequate security for all environments, nor
      does it relieve the protocol developers of the need to analyze
      security considerations for their particular application.

   2. New protocols - including but not limited to those using HTTP -
      should not attempt to circumvent users' firewall policies,
      particularly by masquerading as existing protocols.
      "Substantially new services" should not reuse existing ports.

   3. In general, new protocols or services should not reuse http: or
      other URL schemes.

   4. Each new protocol specification that uses HTTP as a substrate
      should describe the specific way that HTTP is to be used by that
      protocol, including how the client and server interact with
      proxies.

   5. New services should follow the guidelines in section 8 regarding
      use of HTTP status codes.
---------------------------------------
This is not a brand-new document - I think it's been in the works for a
year and a half or two. The RFC status is new.
--
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com