- From: Tom Weinstein <tomw@netscape.com>
- Date: Thu, 06 Feb 1997 10:15:20 -0800
- To: Christian Kuhtz <chk@gnu.ai.mit.edu>
- CC: Christopher Allen <ChristopherA@consensus.com>, Tim Hudson <tjh@mincom.com>, ietf-tls@w3.org, ssl-talk@netscape.com
Christian Kuhtz wrote:
>
> On Wed, 05 Feb 1997 19:50:46 -0800, Tom Weinstein <tomw@netscape.com> wrote:
>
>> People keep claiming that ports below 1024 are somehow "sacred". I
>> have yet to hear a convincing argument for why this is so. In the
>> old days, the OS reserved those ports for protected use and normal
>> user programs couldn't use them. With the proliferation of PCs, it
>> is trivial for someone to get a program to listen on one of those
>> ports. So, why are these ports so special?
>
> Because that's how the model is defined?
>
> OS's that are compliant with the fact that you cannot bind to below
> 1024 unless you are superuser will not go away anytime soon. If that
> alone doesn't convince you, the rest isn't going to make a difference
> either.
>
> This is about multiuser systems, and regular PC operating systems
> (including NT) cannot count as that.
>
> There's absolutely no need to break rules and systems for something
> that could be solved with slick and fairly easy engineering.
> Especially if it is so much tied to security.

That model works very well if you can be certain that every machine
connected to your networks adheres to it. However, that is not the
case. The IETF and IANA deal with standards for the whole internet.
The reality of the situation is that relying for security on the
assumption that all machines are good citizens won't work.

Besides, we aren't talking about cloning every registered port. We're
talking about a few ports that are either already in use or will be
very soon.

--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing.   | tomw@netscape.com
Received on Thursday, 6 February 1997 13:14:18 UTC