Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL

> Labeling this UNIX "hack" as a security feature is incredibly
> irresponsible. It never was and it never will be. Anybody that relies on
> it for protection is a security hazard waiting to be exploited.

Indeed; I never intended to imply that it should be relied upon. But that
*is* the reason why the numbers < 1024 are different; there is no other
reason. As someone has pointed out to me, given the nature of the services
being discussed with their proof of identity by both parties there is
absolutely no security-related reason why numbers >1024 should not be used.

However, since port numbers >1024 are available to any user on the system,
does one not run the risk of finding the port already in use by a user?


Received on Thursday, 6 February 1997 15:06:58 UTC
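
The port-in-use concern raised in the message above, as an added example that is not part of the original thread: a service start-up check that tells "already held by another process" apart from "needs privilege" and refuses to continue in either case. The helper names, the loopback address and the 1024 boundary constant are assumptions made for the illustration; the competing process is simulated in-process.

```python
import errno
import socket

PRIVILEGED_LIMIT = 1024  # assumption: traditional UNIX boundary, root needed below it


def is_privileged(port):
    """True if the port is in the range traditionally reserved for root."""
    return 0 < port < PRIVILEGED_LIMIT


def claim_port(port, host="127.0.0.1"):
    """Try to bind and listen on host:port. Return (socket, None) or (None, reason)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(1)
        return s, None
    except OSError as e:
        s.close()
        if e.errno == errno.EADDRINUSE:
            return None, "in-use"            # someone else already holds the port
        if e.errno in (errno.EACCES, errno.EPERM):
            return None, "needs-privilege"   # low port requested without root
        raise


def demo():
    # Constructed scenario: another local process binds a high port first.
    other, _ = claim_port(0)  # port 0 lets the kernel pick a free unprivileged port
    port = other.getsockname()[1]
    # The intended service then starts and finds its port already taken.
    svc, reason = claim_port(port)
    other.close()
    return port, svc, reason


if __name__ == "__main__":
    port, svc, reason = demo()
    print(f"port {port}: privileged={is_privileged(port)}, service bind -> {reason}")
```

A service that gets "in-use" at start-up should log the condition and exit rather than fall back to another port, since clients have no way to learn the new number.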