[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: URLs and TLS

To: Chris Newman <Chris.Newman@xxxxxxxxxxxx>
Subject: Re: URLs and TLS
From: Not Telling <spam.to@xxxxxxxx>
Date: Tue, 10 Mar 1998 07:27:02 -0800
Cc: Application Use of TLS IETF List <ietf-apps-tls@xxxxxxx>
Organization: Yoyoydne Systems Labs, Inc.
References: <>
Sender: owner-ietf-apps-tls@xxxxxxx

Chris Newman wrote:
> 
> However, this raises the following questions: Is it ever useful to specify
> in a URL that some use of TLS is required?  If so, what should the options
> be?

There's the "http://"; vs "https://"; level of distinction; clearly
that's useful today.  The "s suffix" meta-scheme for URLs _could_ be
continued, even when used with a single assigned port that needs to
pay extra negotiation costs (STARTTLS).  Equivalently, just a ";TLS"
token in URLs that don't otherwise restrict the URL syntax.  (HTTP
is not such a candidate!)

Re options ... no utility in duplicating what TLS provides, I'd say.
The URL can be tampered with, unlike the TLS handshake.

References:
- URLs and TLS
  - From: Chris Newman

Prev by Date: Re: URLs and TLS
Next by Date: Re: URLs and TLS
Previous by thread: Re: URLs and TLS
Next by thread: Re: URLs and TLS
Index(es):
- Date
- Thread