From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <7270cbb0e0c673a48fba4c401875c664@plan9.bell-labs.com> To: 9fans@cse.psu.edu Subject: Re: [9fans] circular logic (was webdav...) From: "Russ Cox" MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Date: Mon, 4 Nov 2002 22:34:58 -0500 Topicbox-Message-UUID: 15797c62-eacb-11e9-9e20-41e7f4b1d025 >> non-http protocols are dangerous. >> therefore we'll only allow http. > > This is an oversimplification. The companies that I know that have > this problem are actually in a situation where they have an internal > network that is not directly routed to the Internet at all, and all > traffic must pass through application-layer gateways (aka proxies). > The protocols which are proxied tend to vary. But everyone proxies > HTTP in this environment. Not everyone. I bet there are places where the proxies are mag tapes moved from outside machines to inside machines (and not vice versa). > There often isn't an intent to stop the use of other applications; just > no resources (time and money) to explicitly enable them. Come on. Buy a router that does ip filtering. They all do. HTTP proxies would have to be changed to admit WebDAV (they added new verbs!), so we're talking about modifications either way. My point was that it makes more sense just to open another port. > (If everyone used Plan 9 and people could just import /net, this > problem wouldn't exist... people in these environments would just > tunnel everything over 9P! Is this any more acceptable?) No, it's not. It would be just as dumb (although more convenient for me) to allow only 9P through a firewall. > > only http is allowed. > > therefore we'll tunnel everything over http. > > So often this is a matter of resources; if the application developer > knows that in some situations only HTTP is allowed, but doesn't want to > write everything for both cases, said application developer will tend > to just do everything over HTTP so that it "just works" for people on > weird networks. If you're actually _using_ HTTP then fine. Tunneling WebDAV over HTTP requires changing all the proxies because you're really speaking WebDAV/HTTP, which bears only a passing resemblance to HTTP. Who says the weird networks are going to allow WebDAV/HTTP through? My point was that it's work either way. It's dumb that WebDAV and friends are trying to pretend that it's not. Russ