Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL.

Christian Kuhtz wrote:
> On Wed, 05 Feb 1997 19:50:46 -0800, Tom Weinstein <> wrote:
>> People keep claiming that ports below 1024 are somehow "sacred".  I
>> have yet to hear a convincing argument for why this is so.  In the
>> old days, the OS reserved those ports for protected use and normal
>> user programs couldn't use them.  With the proliferation of PCs, it
>> is trivial for someone to get a program to listen on one of those
>> ports.  So, why are these ports so special?
> Because that's how the model is defined?
> OS's that are compliant with the fact that you cannot bind to below
> 1024 unless you are superuser will not go away anytime soon.  If that
> alone doesn't convince you, the rest isn't going to make a difference
> either.
> This is about multiuser systems, and regular PC operating systems
> (including NT) cannot count as that.
> There's absolutely no need to break rules and systems for something
> that could be solved with slick and fairly easy engineering. 
> Especially if it is so much tied to security.

That model works very well if you can be certain that every machine
connected to your networks adheres to it.  However, that is not the
case.  The IETF and IANA deal with standards for the whole internet.
The reality of the situation is that relying for security on the the
assumption that all machines are good citizens won't work.

Besides, we aren't talking about cloning every registered port.  We're
talking about a few ports that are either already in use or will be
very soon.

You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      |

Received on Thursday, 6 February 1997 13:14:18 UTC