Re: secure tcp ports

   X-POP3-Rcpt: billo@home
   Content-Type: text/plain
   Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
   X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b5)
   Sender: Christian Kuhtz <>
   From: Christian Kuhtz <>
   Date: Thu,  6 Feb 97 14:04:37 -0700
   References: <>

   On Thu, 6 Feb 1997 12:32:06 -0500, "Bill O'Donnell" <> wrote:
   > While it may be inelegant to simply double the number of ports for
   > security, it probably won't actually cause any serious insurmountable
   > problems in the future. An application-level protocol or scheme
   > for negotiation up to SSL/TLS will forever cause compatibility and
   > interoperability problems.

   Such as?

- broken clients that predate the negotiation protocol that manage to 
  accidentally trip the negotiation sequence, but obviously can't
  complete it.
- servers that predate the negotiation protocol that react badly
  to clients trying to get a secure connection.

   > Saying "it's easy" to come up with a universal scheme to allow this
   > kind of negotiation is naive.  In reality, it's probably impossible.

   Would you mind sharing what you have in mind as an insurmountable 
   show stopper?

- Some protocols may because of their very nature may leave no 
  room for escape mechanisms to substitute a different sub-application
  layer protocol.
- If it was really easy, some really smart person out there might
  have been able to at least describe it by now. It's usually safer to
  think of software problems as hard until demonstrated to be easy, not the
  other way around. 

Bill O'Donnell
NetCentric Corp  17 Msgr O'Brien Hwy   Cambridge, MA 02142

Received on Thursday, 6 February 1997 16:51:28 UTC