Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL

Robert Goodwin writes:
> Eric Murray wrote:
> > The biggest drawback to seperate assigned ports for the TLS versions
> > of N services is the limited port number space below 1024.
> > Is there any reason (other than convention) for using port
> > numbers under 1024?  I know some filtering router "firewalls"
> > will need to be re-programmed, but other than that small problem
> > why not use ports over 1024?
> Ports below 1024 are treated differently under unix-like systems: only
> root can initiate services on these ports

Yea, I know that.

With server certificates, does it make any difference?
(remember in SSL/TLS the server always sends its certificate)

You still have to be able to prove, by using the private key which
is presumably kept secret & encrypted, that a server is
who it's certificate says it is.  The certificate is really
the authenticator, not the port.  Given the number of root
hacks around, having a service on a port below 1024 doens't
prove as much as it should.

Eric Murray
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

Received on Thursday, 6 February 1997 11:38:24 UTC