- From: Eric Murray <ericm@lne.com>
- Date: Wed, 5 Feb 1997 11:49:40 -0800 (PST)
- To: tomw@netscape.com (Tom Weinstein)
- Cc: dpkemp@missi.ncsc.mil, ietf-tls@w3.org

Tom Weinstein writes:

> The question, then, is do we reserve special ports for protocols that
> sit over SSL, or do we try to negotiate up to SSL after connecting to
> the normal port? If we do the latter, I get worried about security.

Yea, there's more ways to shoot yourself in the foot when you're negotiating SSL/TLS inside another protocol. I think the problems are surmountable as long as the application can notify the user (or some decision-making code in the server) when attempted SSL/TLS negotiation fails.

The biggest drawback to separate assigned ports for the TLS versions of N services is the limited port number space below 1024.

Is there any reason (other than convention) for using port numbers under 1024? I know some filtering router "firewalls" will need to be re-programmed, but other than that small problem why not use ports over 1024?

--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Received on Wednesday, 5 February 1997 14:49:53 UTC
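
An added illustration of the point in the message above, not part of the original post or of any SSL/TLS implementation: a client-side policy for in-protocol upgrade that reports every failed negotiation instead of silently continuing in cleartext. The `UPGRADE TLS` command, the `TLS` capability string and all function names are hypothetical, and the server behaviour is constructed so the block runs without a network.

```python
from enum import Enum

class Policy(Enum):
    REQUIRE = "require"              # never continue without TLS
    OPPORTUNISTIC = "opportunistic"  # cleartext allowed, but only after notifying

class UpgradeError(Exception):
    """The session must not continue."""

def try_upgrade(server_caps, send_upgrade, do_handshake, policy, notify):
    """Return "tls" or "cleartext"; raise UpgradeError when the session must stop.
    send_upgrade sends the hypothetical "UPGRADE TLS" command and returns the reply
    line; do_handshake raises on failure; notify reaches the user or policy code."""
    if "TLS" not in server_caps:
        reason = "TLS not offered by server"  # same on the wire as an offer removed in transit
    else:
        reply = send_upgrade()
        if reply.startswith("OK"):
            try:
                do_handshake()
                return "tls"
            except Exception as exc:
                # Stream state is unknown after a failed handshake: never reuse it.
                notify(f"TLS handshake failed: {exc}")
                raise UpgradeError("handshake failed") from exc
        reason = f"server refused upgrade: {reply}"
    notify(reason)                      # every failure is reported, never silent
    if policy is Policy.REQUIRE:
        raise UpgradeError(reason)
    return "cleartext"

def run_constructed_cases():
    def bad_handshake():
        raise OSError("certificate rejected")
    cases = {  # constructed server behaviour: (capabilities, reply, handshake, policy)
        "ok":       (["TLS"], lambda: "OK begin TLS", lambda: None, Policy.REQUIRE),
        "stripped": ([], lambda: "", lambda: None, Policy.OPPORTUNISTIC),
        "required": ([], lambda: "", lambda: None, Policy.REQUIRE),
        "broken":   (["TLS"], lambda: "OK begin TLS", bad_handshake, Policy.OPPORTUNISTIC),
    }
    results = {}
    for name, (caps, send, shake, policy) in cases.items():
        notes = []
        try:
            outcome = try_upgrade(caps, send, shake, policy, notes.append)
        except UpgradeError:
            outcome = "aborted"
        results[name] = (outcome, notes)
    return results
```
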