Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP
Eliot Lear <lear@cisco.com> Mon, 31 January 2011 22:08 UTC
Return-Path: <lear@cisco.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 88BC13A6B2B for <ietf@core3.amsl.com>; Mon, 31 Jan 2011 14:08:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.231
X-Spam-Level:
X-Spam-Status: No, score=-110.231 tagged_above=-999 required=5 tests=[AWL=0.368, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rMHtKMRlARZf for <ietf@core3.amsl.com>; Mon, 31 Jan 2011 14:08:08 -0800 (PST)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by core3.amsl.com (Postfix) with ESMTP id 3CE773A6885 for <ietf@ietf.org>; Mon, 31 Jan 2011 14:08:08 -0800 (PST)
Authentication-Results: ams-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApkEALvCRk2Q/khLgWdsb2JhbACEFaBmFQEBFiIkohWKYpBGgSOBZ4FQdASMIQ
Received: from ams-core-2.cisco.com ([144.254.72.75]) by ams-iport-2.cisco.com with ESMTP; 31 Jan 2011 22:11:22 +0000
Received: from dhcp-10-61-100-10.cisco.com (dhcp-10-61-100-10.cisco.com [10.61.100.10]) by ams-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id p0VMBM5O009538; Mon, 31 Jan 2011 22:11:22 GMT
Message-ID: <4D47337E.1070300@cisco.com>
Date: Mon, 31 Jan 2011 23:11:10 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
Subject: Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP
References: <20110118212603.5733.34489.idtracker@localhost> <B88A8A82-9C4A-40AC-89AF-F177260760F7@cisco.com> <ECA80A72-4E72-44D2-B40E-C90D7197E8C5@nokia.com> <4D421795.70505@isi.edu> <EFADE5D0-BB33-4418-B743-DFEC11B12740@cisco.com> <4D44F85D.5030407@isi.edu> <4D457FD9.5030905@vpnc.org> <B1E38EDF-E78E-47E2-B9A9-D7320A908217@nokia.com> <4D46CC62.1040006@vpnc.org> <3EEDEA1C-C34B-4F39-8E6E-AEDE50C1E504@nokia.com> <4D46D1D3.10701@vpnc.org> <F2152494-8C79-4A0F-951F-B3DB1D274A61@cisco.com> <4D46E2FF.7010203@cisco.com> <DFEB1164-0F63-4FCF-A68D-EF7B2F807649@skype.net> <AANLkTimkvJOdaBSp4r_Lqv5Q=zf1pH1rvhQB+Qf0BpLH@mail.gmail.com>
In-Reply-To: <AANLkTimkvJOdaBSp4r_Lqv5Q=zf1pH1rvhQB+Qf0BpLH@mail.gmail.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2011 22:08:13 -0000
Eric, > Clearly, if you're going to do a negotiation design you want a single port. > If you're going to do a non-negotiated design, then I don't see a huge > amount of value in using a single port. It's true that there is a port > consumption issue, but OTOH ports are there for protocol demuxing and > this is clearly another protocol. Another way to look at this is that it's the same protocol running atop a security layer. Same protocol engine, perhaps in a slightly different security context in terms of what is authorized. And there's good reason to look at it this way. Aside from the leverage it gives reviewers as I discussed previously, there's also the minor matter of port consumption, which won't be so minor if we run short. And don't think that can't happen. Additional ports are being approved for reasons that are clearly architecture limitations. I'm not even sure this is an acceptable excuse. For one, if we look at some of the examples that have been mooted, I doubt that an additional port would have solved the downgrade problem. The case I have in mind is indeed SMTP. The conditions that allow for the downgrade attack have more to do with the realities of certificate management than STARTTLS. As I wrote in a different context there is also the draft that Paul has written for HASTLS, which allows a server to express a policy without having to require a port. While some of us have some questions about some of the choices Paul made in the design, on the whole I think everyone agrees it's a good idea. It may not, however, solve the entire problem, because we now are forced to answer the question as to how host policy should be conveyed. > It's simply a lot easier to have > your TLS stack just start its thing rather than try to autodetect > whether you have TLS or some other protocol. Maybe so (wasn't so hard for me), but there now is a whole lot of free code out there that does just this. > So I would generally push > back on the claim that non-negotiated designs should have to have > demuxing in information in the dataflow rather than use the port. There is a cost that extends beyond the protocol. That has to be taken into account. Eliot
- Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (… t.petch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: [port-srv-reg] Last Call: <draft-ietf-tsvwg-i… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Carsten Bormann
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… IETF Chair
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joel Jaeggli
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… t.petch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Michelle Cotton
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… ned+ietf
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… t.petch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… David Conrad
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Michelle Cotton
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eliot Lear
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Michelle Cotton
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eliot Lear
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eric Rescorla
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eliot Lear
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eric Rescorla
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… ned+ietf
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eric Rescorla
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eric Rescorla
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eric Rescorla
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eliot Lear
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Sam Hartman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Sam Hartman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eric Rescorla
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… t.petch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… t.petch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Chris Benson
- RE: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Christian Huitema
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Bob Hinden
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Alexey Melnikov
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Alexey Melnikov
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Paul Hoffman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Peter Saint-Andre
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Cullen Jennings
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Alexey Melnikov
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Sam Hartman
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… t.petch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Alexey Melnikov
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Peter Saint-Andre
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Lars Eggert
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Joe Touch
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Magnus Westerlund
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Michelle Cotton
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Eliot Lear
- Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.tx… Markku Kojo