W3C home > Mailing lists > Public > ietf-tls@w3.org > January to March 1997

Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL.

From: Eric Murray <ericm@lne.com>
Date: Tue, 4 Feb 1997 22:38:42 -0800 (PST)
Message-Id: <199702050638.WAA06345@slack.lne.com>
To: jaltman@columbia.edu
Cc: ChristopherA@consensus.com, ietf-tls@w3.org
Jeffrey Altman writes:
> I have strong interest in adding TLS/SSL support for telnet, login, and
> ftp.
> The reality is that you need to have separate ports unless we want to
> force a major re-write of applications.

I used to agree with that, but when I tried it I decided that
actually it's not that bad.  SSL-izing telnet and ftp took me
about two days each, and most of that time was spent understanding
the option negotiation.  Of course that doesn't mean that it'll
work for everything, but I'd be willing to bet that there isn't
another protocol with an option negotiaiton that's sicker than
telnets. :-)

There's an internet draft on SSL inside ftp (i.e. negotiating
use of SSL in an FTP connection) written by Paul Ford-Hutchinson
Tim Hudson and myself: draft-murray-auth-ftp-ssl-00.txt.

> Of course, the preference would be to have TLS/SSL be implemented in
> the protocol stack and be transparent to the application whenever
> possible.

For real security you still need to provide the user some indication
what CipherType was negotiated.  Otherwise someone might connect
at "40 bits" when their data needs more security that that.
So it can't be 100% transparent.

Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
Received on Wednesday, 5 February 1997 01:38:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC