Re: NEW DRAFT: Regularizing Port Numbers for SSL.

Whoa There--

The posting below deserves to be publicly answered by MS, NS and Consensus
*before* any action is taken by ietf-tls or anyone holding themself out as
empowered to act unilaterally.  

Is there not a potentially obvious opportunity to self-serve and an
actionable conflict of interest to the community at large.

What's the cost of one week, so that each of the three above can step
forward and commit in writing what their TLS inclusion policy will be?  

I'm just a potential applications user; but I can't believe that the
ietf-tls would run rough-shod over the fourth major member of the
"triumverate"... SSH. 

I'd sure like to hear what all four plan to do to keep the platform "open".
I am not ready to hand over my slice of the world to MS, NS, Consensus or
SSH until I know that baseline development opportunities remain open to

The whole point is that this is for everyone, not for the quick or
aggressive.  Drop the bully-boy behavior and toss the week or two away until
the positions are stated clearly.

I may have missed those *expected* posts before; but meanwhile, I can read
"concern" on the part of one of the new players on the block, XCert.  

...And we all know that they represent the least expensive solution on the
block at the moment. :-)  And as to SSH, well they're even less expensive.

I encourage, support, and demand a clear answer to Pat's questions from the
folks alluded to in Eric Murray's most recent post (who I've listed above).

I expect the same from any and all others who by the Proposed Draft will
find themselves in a position of public trust to keep the internet "open"
*before* any further action is taken by ietf-tls.  

Ray Sarna
Director, aZAP

BTW, any lawyers in this group?  Is this an anti-trust or restraint-of-trade
issue?  Is it class actionable?

>Date: Fri, 7 Feb 1997 16:54:15 -0800 (PST)
>From: Pat Richard <>
>Subject: Re: NEW DRAFT: Regularizing Port Numbers for SSL.

>On Fri, 7 Feb 1997, Christopher Allen wrote:
>> I believe that this new draft addresses the concerns brought up on the
>> SSL-Talk and IETF-TLS lists, yet still allows us to move forward for those
>> who need to interoperate now.
>(much deleted...)
>> 	https       443/tcp	https
>> 	ssmtp       465/tcp	ssmtp
>> 	snews       563/tcp	snews
>> 	ssl-ldap    636/tcp	ssl-ldap
>> 	spop3       995/tcp	SSL based POP3
>> As the above registrations are inconsistant, and most don't even mention
>> SSL or TLS, we would like to get these port assignments and names
>> regularized in the listing as follows:
>That's kind of funny. spop3 and ssl-ldap both mention ssl :-)
>> 	https       443/tcp	http protocol over TLS/SSL
>> 	smtps       465/tcp	smtp protocol over TLS/SSL (was ssmtp)
>> 	nntps       563/tcp	nntp protocol over TLS/SSL (was snntp)
>> 	ldaps       636/tcp	ldap protocol over TLS/SSL (was sldap)
>> 	pop3s       995/tcp	pop3 protocol over TLS/SSL (was spop3)
>Sorry for being pessimistic, please don't take this negatively, I
>just have some questions, being an implementor and one who has
>actually registered one of the above ports.
>I guess the real question is, does this will this "obsolete" any current
>products that do not do TLS on the above ports?
>Is "TLS" available from any vendor, aside from the author of this draft?
>What is the status of the TLS track? Are we commiting to a moving to
>TLS for the sole reason of supporting a vendor's efforts to single-handedly
>control TLS? What about if/when SSH moves into TLS? Does that
>mean that the above must also support that?
>> If there are any questions as to our authority to request such changes,
>> these changes have been run by the WG Chair, Win Treese
>> <>and Jeff Schiller <> is the IESG area
>> director over the TLS WG. In addition, these requests were run by Netscape,
>> Microsoft, the SSL-Talk mailing list and the IETF-TLS working group mailing
>> list, and rough consensus was achieved before being sent to you.
>> ------------------------------------------------------------------------
>> ..Christopher Allen                  Consensus Development Corporation..
>> ..<>                 1563 Solano Avenue #355..
>> ..                                             Berkeley, CA 94707-2116..
>> ..Home of "SSL Plus:                      o510/559-1500  f510/559-1505..
>> ..  SSL 3.0 Integration Suite(tm)" <>..
>Pat Richard

Received on Saturday, 8 February 1997 04:58:03 UTC