Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL

From: Robert Goodwin <robert.goodwin@mcc.ac.uk>
Date: Thu, 6 Feb 1997 19:57:26 +0000 (GMT)
Message-Id: <11763.9702061957@mcchpd.mcc.ac.uk>
To: freier@netscape.com (Alan O. Freier)
Cc: ietf-tls@w3.org

> Labeling this UNIX "hack" as a security feature is incredibly
> irresponsible. It never was and it never will be. Anybody that relies on
> it for protection is a security hazard waiting to be exploited.

Indeed; I never intended to imply that it should be relied upon. But that
*is* the reason why the numbers < 1024 are different; there is no other
reason. As someone has pointed out to me, given the nature of the services
being discussed with their proof of identity by both parties there is
absolutely no security-related reason why numbers >1024 should not be used.

However, since port numbers >1024 are available to any user on the system,
does one not run the risk of finding the port already in use by a user?

-- 
Robert.Goodwin@mcc.ac.uk 
Received on Thursday, 6 February 1997 15:06:58 UTC