Using StartTLS with HTTP connections
While catching up with some news groups today, I came across RFC 2817. This RFC describes HTTP protocol extensions to allow a client and server to initiate a TLS session over an existing connection. This has numerous benefits, and could definitely speed up web-based commerce (e.g., a dedicated secure connection is not required, slow start is avoided, etc.) . Now if only the browser developers would implement this! :)
Clay on January 10th, 2006
If only they would have used the seemingly de facto standard “StartTLS” keyword and not the new and ambiguous “Upgrade” keyword…