
Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL.

From: Eric Murray <ericm@lne.com>
Date: Wed, 5 Feb 1997 11:49:40 -0800 (PST)
Message-Id: <199702051949.LAA13457@slack.lne.com>
To: tomw@netscape.com (Tom Weinstein)
Cc: dpkemp@missi.ncsc.mil, ietf-tls@w3.org
Tom Weinstein writes:
> The question, then, is do we reserve special ports for protocols that
> sit over SSL, or do we try to negotiate up to SSL after connecting to
> the normal port?  If we do the latter, I get worried about security.

Yea, there's more ways to shoot yourself in the foot when
you're negotiating SSL/TLS inside another protocol.
I think the problems are surmountable as long as the application
can notify the user (or some decision-making code in the server)
when attempted SSL/TLS negotiation fails.

The biggest drawback to separate assigned ports for the TLS versions
of N services is the limited port number space below 1024.
Is there any reason (other than convention) for using port
numbers under 1024?  I know some filtering router "firewalls"
will need to be re-programmed, but other than that small problem
why not use ports over 1024?


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
Received on Wednesday, 5 February 1997 14:49:53 EST
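The two deployment models the thread compares, as an added simulation that is not code from this mailing list or from either poster. It models the client-side policy Eric Murray describes: when an in-band upgrade to TLS on the normal port fails, the application must be told rather than silently continuing in plaintext. Everything is in memory (no sockets, no real TLS), and the command names CAPABILITIES and UPGRADE-TLS are invented for the example rather than taken from any real protocol.

```python
"""Simulation of the two deployment models from the thread: a TLS upgrade
negotiated inside an existing plaintext protocol on its normal port, versus a
dedicated port where the TLS handshake happens before any application data.

Everything here is in-memory (no sockets, no real TLS): the point is the client
policy when the in-band upgrade fails. The command names CAPABILITIES and
UPGRADE-TLS are assumptions made for this example, not any real protocol.
"""
from dataclasses import dataclass, field


class UpgradeRefused(Exception):
    """Raised when the client requires TLS but the in-band upgrade did not happen."""


@dataclass
class FakeServer:
    """A server on the 'normal' port; may or may not offer the in-band upgrade."""
    advertises_upgrade: bool = True   # lists UPGRADE-TLS in its capabilities
    accepts_upgrade: bool = True      # actually completes the upgrade when asked
    transcript: list = field(default_factory=list)

    def handle(self, line: str) -> str:
        self.transcript.append(line)
        if line == "CAPABILITIES":
            caps = ["PLAIN"] + (["UPGRADE-TLS"] if self.advertises_upgrade else [])
            return "OK " + " ".join(caps)
        if line == "UPGRADE-TLS":
            return "OK proceed" if self.accepts_upgrade else "ERR upgrade unavailable"
        return "OK"


def connect_normal_port(server: FakeServer, require_tls: bool) -> dict:
    """Client side of the in-band model.

    require_tls=True is the fail-closed policy: any failure to reach TLS is
    surfaced as an exception (the notification point the thread asks for).
    require_tls=False is opportunistic: continue in plaintext but record why,
    so the caller can still tell the user what happened.
    """
    caps = server.handle("CAPABILITIES").split()[1:]
    if "UPGRADE-TLS" not in caps:
        if require_tls:
            raise UpgradeRefused("server did not advertise a TLS upgrade")
        return {"secure": False, "reason": "not advertised"}
    reply = server.handle("UPGRADE-TLS")
    if not reply.startswith("OK"):
        if require_tls:
            raise UpgradeRefused("server rejected the TLS upgrade: " + reply)
        return {"secure": False, "reason": reply}
    # A real client would now wrap the socket, e.g. with
    # ssl.SSLContext.wrap_socket(sock, server_hostname=host), and send
    # application data only after the handshake completes.
    return {"secure": True, "reason": "upgraded"}


def connect_dedicated_port(handshake_ok: bool) -> dict:
    """Client side of the separate-port model.

    The TLS handshake is the first thing on the wire, so there is no plaintext
    phase to fall back into: the connection is either secured or it fails.
    """
    if not handshake_ok:
        raise UpgradeRefused("TLS handshake failed on the dedicated port")
    return {"secure": True, "reason": "handshake first"}


def negotiation_outcome(server: FakeServer, require_tls: bool) -> str:
    """Summarise a normal-port attempt as 'secure', 'plaintext' or 'refused'."""
    try:
        result = connect_normal_port(server, require_tls)
    except UpgradeRefused:
        return "refused"
    return "secure" if result["secure"] else "plaintext"


if __name__ == "__main__":
    for adv, acc in [(True, True), (False, True), (True, False)]:
        strict = negotiation_outcome(FakeServer(adv, acc), True)
        loose = negotiation_outcome(FakeServer(adv, acc), False)
        print(f"advertises={adv} accepts={acc}: require_tls -> {strict}"
              f" | opportunistic -> {loose}")
```

The contrast worth noticing is that the in-band model has two distinct failure points (the capability is not advertised, or the upgrade is refused after being advertised) and the opportunistic client proceeds in plaintext at both unless policy says otherwise; the dedicated-port model has only one outcome for failure, since no application data can be sent before the handshake.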
