Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL

From: Eric Murray <ericm@lne.com>
Date: Thu, 6 Feb 1997 08:37:58 -0800 (PST)
Message-Id: <199702061637.IAA24874@slack.lne.com>
To: Robert.Goodwin@mcc.ac.uk
Cc: ietf-tls@w3.org

Robert Goodwin writes:
> 
> Eric Murray wrote:
> > The biggest drawback to separate assigned ports for the TLS versions
> > of N services is the limited port number space below 1024.
> > Is there any reason (other than convention) for using port
> > numbers under 1024?  I know some filtering router "firewalls"
> > will need to be re-programmed, but other than that small problem
> > why not use ports over 1024?
> 
> Ports below 1024 are treated differently under unix-like systems: only
> root can initiate services on these ports


Yea, I know that.

With server certificates, does it make any difference?
(remember in SSL/TLS the server always sends its certificate)

You still have to be able to prove, by using the private key which
is presumably kept secret & encrypted, that a server is
who its certificate says it is.  The certificate is really
the authenticator, not the port.  Given the number of root
hacks around, having a service on a port below 1024 doesn't
prove as much as it should.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
Received on Thursday, 6 February 1997 11:38:24 UTC
