Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL

From: Alan O. Freier <freier@netscape.com>
Date: Thu, 06 Feb 1997 09:42:09 -0800
Message-ID: <32FA17F1.77E2@netscape.com>
To: Robert.Goodwin@mcc.ac.uk
CC: ietf-tls@w3.org

Robert Goodwin wrote:
> 
> Ports below 1024 are treated differently under unix-like systems: only
> root can initiate services on these ports[1], thus the operating system
> provides for some protection against a user on the system trying to subvert
> services - important particularly in the context of "secure" services.
> 
> --
> Robert.Goodwin@mcc.ac.uk
> 
> [1]gross oversimplification, but adequate in the circumstances I think :-)

Labeling this UNIX "hack" as a security feature is incredibly
irresponsible. It never was and it never will be. Anybody that relies on
it for protection is a security hazard waiting to be exploited.

-- 
Alan O. Freier               Corporate Cynic
<freier@netscape.com>        (415) 937-3638 (work)
Received on Thursday, 6 February 1997 12:47:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC