OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   On the use of HTTP as a Substrate

[ Lists Home | Date Index | Thread Index ]

A recent Best Current Practices RFC well worth a read, whether or not
you agree with it:
http://ietf.org/rfc/rfc3205.txt

-----------------------------------
The Internet community has a long tradition of protocol reuse, dating
back to the use of Telnet [4] as a substrate for FTP [5] and SMTP
[6].  However, the recent interest in layering new protocols over
HTTP has raised a number of questions when such use is appropriate,
and the proper way to use HTTP in contexts where it is appropriate.

-------------------------------------

In particular:
-------------------------------------
9. Summary of recommendations regarding reuse of HTTP

   1. All protocols should provide adequate security.  The security
      needs of a particular application will vary widely depending on
      the application and its anticipated use environment.  Merely using
      HTTP and/or TLS as a substrate for a protocol does not
      automatically provide adequate security for all environments, nor
      does it relieve the protocol developers of the need to analyze
      security considerations for their particular application.

   2. New protocols - including but not limited to those using HTTP -
      should not attempt to circumvent users' firewall policies,
      particularly by masquerading as existing protocols.
      "Substantially new services" should not reuse existing ports.

   3. In general, new protocols or services should not reuse http: or
      other URL schemes.

   4. Each new protocol specification that uses HTTP as a substrate
      should describe the specific way that HTTP is to be used by that
      protocol, including how the client and server interact with
      proxies.

   5. New services should follow the guidelines in section 8 regarding
      use of HTTP status codes.

---------------------------------------

This is not a brand-new document - I think it's been in the works for a
year and a half or two.  The RFC status is new.

-- 
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com





 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS