[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

On the use of HTTP as a Substrate

  • To: xml-dev@l...
  • Subject: On the use of HTTP as a Substrate
  • From: "Simon St.Laurent" <simonstl@s...>
  • Date: 21 Feb 2002 10:48:37 -0500

On the use of HTTP as a Substrate
A recent Best Current Practices RFC well worth a read, whether or not
you agree with it:
http://ietf.org/rfc/rfc3205.txt

-----------------------------------
The Internet community has a long tradition of protocol reuse, dating
back to the use of Telnet [4] as a substrate for FTP [5] and SMTP
[6].  However, the recent interest in layering new protocols over
HTTP has raised a number of questions when such use is appropriate,
and the proper way to use HTTP in contexts where it is appropriate.

-------------------------------------

In particular:
-------------------------------------
9. Summary of recommendations regarding reuse of HTTP

   1. All protocols should provide adequate security.  The security
      needs of a particular application will vary widely depending on
      the application and its anticipated use environment.  Merely using
      HTTP and/or TLS as a substrate for a protocol does not
      automatically provide adequate security for all environments, nor
      does it relieve the protocol developers of the need to analyze
      security considerations for their particular application.

   2. New protocols - including but not limited to those using HTTP -
      should not attempt to circumvent users' firewall policies,
      particularly by masquerading as existing protocols.
      "Substantially new services" should not reuse existing ports.

   3. In general, new protocols or services should not reuse http: or
      other URL schemes.

   4. Each new protocol specification that uses HTTP as a substrate
      should describe the specific way that HTTP is to be used by that
      protocol, including how the client and server interact with
      proxies.

   5. New services should follow the guidelines in section 8 regarding
      use of HTTP status codes.

---------------------------------------

This is not a brand-new document - I think it's been in the works for a
year and a half or two.  The RFC status is new.

-- 
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com


PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.