Re: Browser Support for TLS/HTTP Upgrade?

[Richard Levitte - VMS Whacker]

From: Michael Sweet <[EMAIL PROTECTED]>

mike> The "HTTP Upgrade" spec defines a new HTTP status code (426)
mike> and the necessary fields and values needed to upgrade an
mike> existing HTTP link (on port 80 or whatever) to an encrypted
mike> one.  The client or server can initiate the upgrade.  Once
mike> you start the HTTP upgrade, the handshake is the same as
mike> for SSL or TLS.

I think Eric's point is one of user request and feedback.  How does a
user easily request a secure channel?  As it is right now, "https:" as
opposed to "http:" is a very simple way, and also contains direct
feedback.  The user knows (hopefully) that the extra "s" means it's
intended to be secure (at least, we can hope for it, can't we?  :-)).

Of course, on graphical browsers, there's normally some other way to
get the feedback as well...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]