- From: Robert Goodwin <robert.goodwin@mcc.ac.uk>
- Date: Thu, 6 Feb 1997 19:57:26 +0000 (GMT)
- To: freier@netscape.com (Alan O. Freier)
- Cc: ietf-tls@w3.org
> Labeling this UNIX "hack" as a security feature is incredibly > irresponsible. It never was and it never will be. Anybody that relies on > it for protection is security hazzard waiting to be exploited. Indeed; I never intended to imply that it should be relied upon. But that *is* the reason why the numbers < 1024 are different; there is no other reason. As someone has pointed out to me, given the nature of the services being discussed with their proof of identity by both parties there is absolutely no security-related reason why numbers >1024 should not be used. However, since port numbers >1024 are available to any user on the system, does one not run the risk of finding the port already in use by a user? -- Robert.Goodwin@mcc.ac.uk
Received on Thursday, 6 February 1997 15:06:58 UTC