
RE: Finding PKIX Servers!



> Andrew Probert <AndrewP@rotek.com.au> writes:
> > Yeah .. apologies, my typing was in haste, I know HTTP is over IP.
> Uh, not to be difficult, but not over IP either. Over TCP.

No, HTTP is layered on a transport layer which provides an 8 bit clean,
reliable connection. In the early days we used DECNET to a significant
degree (the DEC IP stack cost extra at the time!).

As a matter of fact, in those days I thought the OSI based Decnet
phase V was going to replace IP - mainly because of the address
space exhaustion issue. That was before firewalls, NAT and DHCP.


> > I meant to allude to simplicity of the transport i.e. you can
> > Telnet to a Web server and hand-type HTTP protocol, so the
> > underlying comms is very simple, but you are pushing a lot of
> > stuff up into the HTTP application.

Actually, the idea we had was to remove the unnecessary work from
the application. FTP's twin connection is far more complex for any
application to manage than the HTTP 'idempotent request' model.
Similarly the LDAP BIND operation achieves nothing of real value.

The 'complexity' of HTTP/1.1 is due to the caching model. No other
retrieval protocol I am aware of has any caching model - the applications
were too busy performing unnecessary operations such as BIND and UNBIND.
Caching is not a particular burden on applications however.

Even with every 1.1 boondoggle, HTTP is by far the most straightforward
protocol to implement at the application level.


In retrospect I think that the confusion that HTTP ended concerned
the interface between the authentication/authorization model (an
application concern) and the transport connection. For some reason it
was assumed to be a good idea to keep TCP/IP sessions going
indefinitely - instead of simply caching the access control context
at each end.

Unfortunately some folk took this a bit far, maybe Eric can remember
the name of that chap from Chicago who he used to work with who had
the idea of downloading every image in a page as a separate TCP/IP
connection. That was definitely a bad idea!


		Phill