Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL.

Jeffrey Altman writes:
> I have strong interest in adding TLS/SSL support for telnet, login, and
> ftp.
> The reality is that you need to have separate ports unless we want to
> force a major re-write of applications.

I used to agree with that, but when I tried it I decided that
actually it's not that bad.  SSL-izing telnet and ftp took me
about two days each, and most of that time was spent understanding
the option negotiation.  Of course that doesn't mean that it'll
work for everything, but I'd be willing to bet that there isn't
another protocol with an option negotiaiton that's sicker than
telnets. :-)

There's an internet draft on SSL inside ftp (i.e. negotiating
use of SSL in an FTP connection) written by Paul Ford-Hutchinson
Tim Hudson and myself: draft-murray-auth-ftp-ssl-00.txt.

> Of course, the preference would be to have TLS/SSL be implemented in
> the protocol stack and be transparent to the application whenever
> possible.

For real security you still need to provide the user some indication
what CipherType was negotiated.  Otherwise someone might connect
at "40 bits" when their data needs more security that that.
So it can't be 100% transparent.

Eric Murray
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

Received on Wednesday, 5 February 1997 01:38:56 UTC