> Sender: francis@ariel.local.thibault.org
> From: John Stracke <francis@ecal.com>
> Resent-From: http-wg@hplb.hpl.hp.com
> Date: Tue, 29 Jun 1999 16:47:55 +0000
> To: "Http-Wg@Hplb. Hpl. Hp. Com" <http-wg@hplb.hpl.hp.com>
> Subject: Re: Upgrading to TLS Within HTTP/1.1 draft available
> -----
> Scott Lawrence wrote:
>
> > Part of the goal here is to show how secured and unsecured traffic in any
> > protocol can share a TCP well known port, so that we can get away from
> > assigning two ports to each protocol.
>
> But aren't there security benefits to having separate ports (e.g., making it
> possible to run your secure server in a separate process)?
>

No: the problem is that establishing a connection to a separate port allows for man-in-the-middle attacks at connection establishment times; you are just making attacks easier using different port numbers.

The new IESG/IANA policy is therefore to no longer allocate independent port numbers for secure connections. This is the stronger motivation than conserving port numbers.

- Jim Gettys

Received on Tuesday, 29 June 1999 18:06:04 EDT