Richard Levitte - VMS Whacker wrote:
> ...
> Uhmm, what exactly is the functional difference between HTTPS and
> HTTP/TLS?  For me, they describe the function "running HTTP
> through an SSL or TLS encryption tunnel"...

The https scheme defines a secure connection (default port 443)
for HTTP.  The encryption is mandatory and immediate.

The "HTTP Upgrade" spec defines a new HTTP status code (426)
and the necessary fields and values needed to upgrade an
existing HTTP link (on port 80 or whatever) to an encrypted
one.  The client or server can initiate the upgrade.  Once
you start the HTTP upgrade, the handshake is the same as
for SSL or TLS.

The driving force behind the HTTP Upgrade specification was
to get away from each protocol defining a secure and non-
secure port.  Any new IETF-approved protocol that supports
encryption must now do it through an "upgrade" process -
you can't use two different ports anymore...

The upgrade method also has the added benefit of supporting
new technologies more easily - e.g. Kerberos over HTTP.
An HTTP client or server app can provide modules for all of
the encryption support - new module, new upgrade method.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  [EMAIL PROTECTED]
Printing Software for UNIX                       http://www.easysw.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
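
The upgrade exchange described in the message above, as an added example that is not part of the original post or of any project's code. It uses the header and status-code values from RFC 2817 (not named in the post); the function names, sample messages and the fail-closed policy are assumptions made for illustration.

```python
# Added example; field values follow RFC 2817 ("Upgrading to TLS Within HTTP/1.1").
# All sample messages below are constructed for illustration.
SWITCHING = (b"HTTP/1.1 101 Switching Protocols\r\n"
             b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
REQUIRED = (b"HTTP/1.1 426 Upgrade Required\r\n"
            b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
PLAIN_OK = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

def parse_head(raw):
    """Split an HTTP/1.1 message head into (start_line, {lowercase name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.strip().lower(), value.strip()
        # Repeated fields combine into one comma-separated list.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return start, headers

def tokens(value):
    return [t.strip().lower() for t in value.split(",") if t.strip()]

def offers_tls_upgrade(headers):
    """True only if both Connection: Upgrade and a TLS token in Upgrade are present."""
    return ("upgrade" in tokens(headers.get("connection", ""))
            and any(t.startswith("tls/") for t in tokens(headers.get("upgrade", ""))))

def build_upgrade_request(host):
    """Client-initiated upgrade on the existing cleartext connection."""
    if any(c in host for c in "\r\n "):
        raise ValueError("invalid host")  # refuse header injection via the host value
    return (f"OPTIONS * HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n").encode("ascii")

def classify_response(raw):
    """Decide the client's next step; anything unexpected is treated as cleartext."""
    start, headers = parse_head(raw)
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {start!r}")
    status = int(parts[1])
    if status == 101 and offers_tls_upgrade(headers):
        return "start-tls-handshake"   # the next bytes on this socket are the TLS handshake
    if status == 426 and offers_tls_upgrade(headers):
        return "retry-with-upgrade"    # server refuses the request until the link is upgraded
    return "still-cleartext"           # no upgrade happened; send nothing sensitive
```

A client that requires encryption should close the connection on `still-cleartext` rather than continue, because nothing in the cleartext exchange proves the server's reply was not altered in transit.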
