From: "Russ Cox" <rsc@plan9.bell-labs.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] circular logic (was webdav...)
Date: Mon, 4 Nov 2002 22:34:58 -0500 [thread overview]
Message-ID: <7270cbb0e0c673a48fba4c401875c664@plan9.bell-labs.com> (raw)
>> non-http protocols are dangerous.
>> therefore we'll only allow http.
>
> This is an oversimplification. The companies that I know that have
> this problem are actually in a situation where they have an internal
> network that is not directly routed to the Internet at all, and all
> traffic must pass through application-layer gateways (aka proxies).
> The protocols which are proxied tend to vary. But everyone proxies
> HTTP in this environment.
Not everyone. I bet there are places where the proxies
are mag tapes moved from outside machines to inside
machines (and not vice versa).
> There often isn't an intent to stop the use of other applications; just
> no resources (time and money) to explicitly enable them.
Come on. Buy a router that does ip filtering. They all do.
HTTP proxies would have to be changed to admit WebDAV
(they added new verbs!), so we're talking about modifications
either way. My point was that it makes more sense just to
open another port.
> (If everyone used Plan 9 and people could just import /net, this
> problem wouldn't exist... people in these environments would just
> tunnel everything over 9P! Is this any more acceptable?)
No, it's not. It would be just as dumb (although more convenient
for me) to allow only 9P through a firewall.
> > only http is allowed.
> > therefore we'll tunnel everything over http.
>
> So often this is a matter of resources; if the application developer
> knows that in some situations only HTTP is allowed, but doesn't want to
> write everything for both cases, said application developer will tend
> to just do everything over HTTP so that it "just works" for people on
> weird networks.
If you're actually _using_ HTTP then fine. Tunneling WebDAV
over HTTP requires changing all the proxies because you're
really speaking WebDAV/HTTP, which bears only a passing
resemblance to HTTP. Who says the weird networks are going
to allow WebDAV/HTTP through?
My point was that it's work either way. It's dumb that WebDAV
and friends are trying to pretend that it's not.
Russ
next reply other threads:[~2002-11-05 3:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-05 3:34 Russ Cox [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-11-05 2:51 presotto
2002-11-04 22:27 Russ Cox
2002-11-05 1:43 ` Jonathan Sergent
2002-11-04 20:32 Skip Tavakkolian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7270cbb0e0c673a48fba4c401875c664@plan9.bell-labs.com \
--to=rsc@plan9.bell-labs.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).