Re: [port-srv-reg] Updating the draft with WGLC comments

[Joe Touch <touch@isi.edu>]

Hi, Magnus,

The feedback from Paul suggests it would be useful to update Sec 7.

Despite the explicit warning - already in the doc - that these 
principles are NOT binding, it might be useful to discuss the issue of 
whether separate ports should be allocated for requests for new protocols.

I.e., http vs https is currently legacy. We already expect that new 
requests for nonsecure legacy services could result in a new, secure port.

The question is whether a brand new service should be allocated separate 
ports for secure and nonsecure variants.

The document discusses this point as follows:

    o  IANA will allocate only one assigned port number for all versions
       of a service (e.g., running the service with or without a security
       mechanism, or for updated variants of a service)

...
   - Further,
    previous separation of protocol variants based on security
    capabilities (e.g., HTTP on TCP port 80 vs. HTTPS on TCP port 443) is
    not recommended for new protocols, because all new protocols should
    be security-capable and capable of negotiating the use of security
    in-band.

Here's the TLS summary
	for:
		Mike D'Errico
		Nico Williams
	against:
		Paul Hoffman
		Marsh Ray - really just wants default to secure
		Richard Hartman

Some just wanted security all the time:
	Geoffry Keating
	Mike D'Errico

I didn't see that they came to consensus on this issue. We can easily 
omit the security text altogether from this text if preferred, and let 
the TLS community make a final BCP recommendation.

However, despite their status as security experts, I find their logic 
disturbing. Port numbers themselves have no inherent security, so 
ultimately only the application can require a service to be secure 
anyway. Using port number blocking to assume security is laughable at 
best, so I stand by the current text.

IMO we already have enough wiggle words that this section isn't binding 
anyway. IMO, let the TLS folk create a BCP to the contrary, at which 
point some of us (me at least) will write a doc explaining why port 
numbers aren't security anyway ;-)

Thoughts? Leave it? Take it out because a non-consensus subset disagrees?

Joe





On 11/17/2010 2:25 AM, Magnus Westerlund wrote:
> Hi,
>
> I am now back in the office after a few extra days in Beijing. I think
> we should get going on preparing the update of the document so it is
> ready after the WG last call ends. I did talk to Alexey about this
> document. He does want rapid progression so that he can take care of it
> before his current IESG term is up.
>
> We have two comments requiring changes. The first one about fixing
> inconsistencies in language. I have proposed Allocate, Michelle wasn't
> that happy over it. More views on allocate vs. assign is appreciated.
> But please provide them now rather than later.
>
> The second changes are getting Paul hoffman's suggest two changes into
> the document with potential some tweaking of the language.
>
> Can anyone get started on these changes?
>
> Cheers
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
> _______________________________________________
> Port-srv-reg mailing list
> Port-srv-reg@ietf.org
> https://www.ietf.org/mailman/listinfo/port-srv-reg