Re: TWO WEEK LAST CALL: Regularizing Port Numbers for SSL. from Eric Murray on 1997-02-09 (ietf-tls@w3.org from January to March 1997)

From: Eric Murray <ericm@lne.com>
Date: Sun, 9 Feb 1997 07:19:15 -0800 (PST)
To: marks@thawte.com (Mark Shuttleworth)
Cc: treese@OpenMarket.com, ietf-tls@w3.org
Message-Id: <199702091519.HAA26328@slack.lne.com>

Mark Shuttleworth writes:
> Win Treese wrote:
> > I think that we have a practical problem to solve in
> > the short term. Even if we agreed that the "right thing"
> > was to multiplex applications over a TLS channel, or
> > that the "right thing" was to let applications negotiate
> > their own use of TLS, it would take a while to get the
> > necessary specs on the standards track.
> > 
> > Chris's proposal lets a number of projects proceed,
> > so I think we should go ahead with it. I encourage
> > continued thinking and proposals to solve the broader
> > problem, but I think they go beyond the charter of
> > this working group now.
> 
> You can never undo this, Win.  Never ever.  Once IANA approves that
> request those ports are gone in the short and long term,  because somebody
> somewhere will still be running a secure server on one of them.
> 
> If there were even one shred of evidence that NS and MS had met to resolve
> this "The Right Way",  and failed,  then that would be one thing.

Mark, why do NS and MS need to meet on this?  We, the IETF working
group, are the ones making the decision, not NS and MS.  Admittedly
much of the WG's discussions have been MS vs NS but I think we've been
getting away from that, and I think that's a good thing.

Why would you want to re-politicize the WG?

>  But there is no such evidence.  This is an exercise in stubborness. 

I fail to see the great conspiracy that you (and others) are alluding to.
Usually I'm first to see stuff like that, not the last. :-)
Could someone explain to me why calls to actually go ahead with something
(like we agreed to at the San Jose meeting in December) appear to
them to be evidence that someone's putting something over on them?

> I hope
> the IANA returns this request to sender with a clear message that no such
> requests will be considered until they are the last resort,  not the
> first.

The alternatives are taking 6 months or a year (more likely a year) of dicking
around trying to A) get people to write drafts on TLS-MUX, and running
code ("concensus and running code" remember), then adopting that.
B) getting people to write drafts for negotiating TLS in the various
application protocols, then working with the IETF groups that oversee
those protocols to incorporate TLS into them. 
or C) we could forget about specifying ports at all.  However the likely
result of that would be a whole lot of people in the field putting an
TLS library together with their favorite TCP apps and just running it
on whatever port they have free at the moment.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

Received on Sunday, 9 February 1997 10:19:55 UTC