Re: NEW DRAFT: Regularizing Port Numbers for SSL. from Eric Murray on 1997-02-08 (ietf-tls@w3.org from January to March 1997)

From: Eric Murray <ericm@lne.com>
Date: Fri, 7 Feb 1997 21:57:10 -0800 (PST)
To: patr@xcert.com (Pat Richard)
Cc: ChristopherA@consensus.com, ssl-talk@netscape.com, ietf-tls@w3.org, treese@OpenMarket.com, jis@mit.edu
Message-Id: <199702080557.VAA15000@slack.lne.com>

Pat Richard writes:

> That's kind of funny. spop3 and ssl-ldap both mention ssl :-)

I think Chris is working off an out-of-date list.

> > 	https       443/tcp	http protocol over TLS/SSL
> > 	smtps       465/tcp	smtp protocol over TLS/SSL (was ssmtp)
> > 	nntps       563/tcp	nntp protocol over TLS/SSL (was snntp)
> > 	ldaps       636/tcp	ldap protocol over TLS/SSL (was sldap)
> > 	pop3s       995/tcp	pop3 protocol over TLS/SSL (was spop3)
> > 
> 
> Sorry for being pessimistic, please don't take this negatively, I
> just have some questions, being an implementor and one who has
> actually registered one of the above ports.
> 
> I guess the real question is, does this will this "obsolete" any current
> products that do not do TLS on the above ports?

It would if they don't do SSL.  There shouldn't be anything on
those ports that isn't doing SSL.  If something on those ports does
talk SSL3 then it'll be able to talk to implementations talking
TLS on those ports.  If it's doing SSL2 it might be out of luck...

> Is "TLS" available from any vendor, aside from the author of this draft?

Most people with an SSL3 in production have said that they'll
move to TLS when it's final.

> What is the status of the TLS track? Are we commiting to a moving to
> TLS for the sole reason of supporting a vendor's efforts to single-handedly
> control TLS?

Huh?  Who's single-handedly controlling TLS?  I count as major players
Netscape and Microsoft, with Consensus coming up.  But they're certainly
not the only people involved, nor the only people whos ideas have been
listen to.

> What about if/when SSH moves into TLS? Does that
> mean that the above must also support that?

That's SSHs problem isn't it?
I'd hope that since SSH _is_ controlled single-handedly then it'd
do the clean solution and negotiate the use of TLS internal to the
protocol rather than external via a seperate port number.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

Received on Saturday, 8 February 1997 00:58:02 UTC