- From: Eric Murray <ericm@lne.com>
- Date: Thu, 6 Feb 1997 08:37:58 -0800 (PST)
- To: Robert.Goodwin@mcc.ac.uk
- Cc: ietf-tls@w3.org
Robert Goodwin writes:
>
> Eric Murray wrote:
> > The biggest drawback to separate assigned ports for the TLS versions
> > of N services is the limited port number space below 1024.
> > Is there any reason (other than convention) for using port
> > numbers under 1024? I know some filtering router "firewalls"
> > will need to be re-programmed, but other than that small problem
> > why not use ports over 1024?
>
> Ports below 1024 are treated differently under unix-like systems: only
> root can initiate services on these ports

Yea, I know that. With server certificates, does it make any difference?
(remember in SSL/TLS the server always sends its certificate)
You still have to be able to prove, by using the private key which
is presumably kept secret & encrypted, that a server is who its
certificate says it is. The certificate is really the authenticator,
not the port.

Given the number of root hacks around, having a service on a port below
1024 doesn't prove as much as it should.

--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Received on Thursday, 6 February 1997 11:38:24 UTC
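The point made in the message above, as an added example that is not part of the original post: a Go client pins one server certificate and connects to TLS servers on OS-assigned unprivileged loopback ports, and only the server holding the matching private key is accepted. The names `newIdentity` and `Probe` are hypothetical, and all keys and certificates are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// newIdentity returns a fresh key with a self-signed "localhost" certificate (constructed sample).
func newIdentity() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key) // a failure panics in Probe
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Probe serves TLS as `server` on an unprivileged port; the client trusts only `pinned`'s certificate.
func Probe(server, pinned tls.Certificate) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{server}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go http.Serve(ln, nil) // runs the server side of each handshake
	leaf, _ := x509.ParseCertificate(pinned.Certificate[0])
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost"})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	good, bad := newIdentity(), newIdentity()
	stolen := tls.Certificate{Certificate: good.Certificate, PrivateKey: bad.PrivateKey}
	fmt.Println(Probe(good, good), Probe(bad, good), Probe(stolen, good))
}
```

The third probe replays the genuine certificate without its private key; the client accepts the certificate chain but the handshake fails because the server's signature does not match the certificate's public key.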