IETF Logo Mail Archive

Re: [port-srv-reg] Updating the draft with WGLC comments

Lars Eggert <lars.eggert@nokia.com> Tue, 30 November 2010 14:46 UTC

Return-Path: <lars.eggert@nokia.com>
X-Original-To: port-srv-reg@core3.amsl.com
Delivered-To: port-srv-reg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A4E8128C1A3 for <port-srv-reg@core3.amsl.com>; Tue, 30 Nov 2010 06:46:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.032
X-Spam-Level:
X-Spam-Status: No, score=-103.032 tagged_above=-999 required=5 tests=[AWL=0.567, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jzsTizMhYe16 for <port-srv-reg@core3.amsl.com>; Tue, 30 Nov 2010 06:46:29 -0800 (PST)
Received: from mgw-da01.nokia.com (smtp.nokia.com [147.243.128.24]) by core3.amsl.com (Postfix) with ESMTP id 207C828C100 for <port-srv-reg@ietf.org>; Tue, 30 Nov 2010 06:46:29 -0800 (PST)
Received: from mail.fit.nokia.com (esdhcp030222.research.nokia.com [172.21.30.222]) by mgw-da01.nokia.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id oAUElZMn013760 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 30 Nov 2010 16:47:36 +0200
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.96.4 at fit.nokia.com
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: multipart/signed; boundary=Apple-Mail-9--711365508; protocol="application/pkcs7-signature"; micalg=sha1
From: Lars Eggert <lars.eggert@nokia.com>
In-Reply-To: <4CED2834.90808@ericsson.com>
Date: Tue, 30 Nov 2010 16:47:26 +0200
Message-Id: <FFD9E4CF-5A87-475A-850D-164C36117AFE@nokia.com>
References: <4CE3AD8E.4070705@ericsson.com> <4CE47714.50806@isi.edu> <4CE4D9E1.5010308@ericsson.com> <4CEABE0E.7050209@isi.edu> <4CEABEAC.70307@isi.edu> <4CEBD261.5080101@ericsson.com> <4CEBF4C5.5020001@isi.edu> <4CED2834.90808@ericsson.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.1082)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (mail.fit.nokia.com); Tue, 30 Nov 2010 16:47:32 +0200 (EET)
X-Nokia-AV: Clean
Cc: "port-srv-reg@ietf.org" <port-srv-reg@ietf.org>
Subject: Re: [port-srv-reg] Updating the draft with WGLC comments
X-BeenThere: port-srv-reg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of updates to service name and transport protocol port registry <port-srv-reg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/port-srv-reg>, <mailto:port-srv-reg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/port-srv-reg>
List-Post: <mailto:port-srv-reg@ietf.org>
List-Help: <mailto:port-srv-reg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/port-srv-reg>, <mailto:port-srv-reg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Nov 2010 14:46:30 -0000

Status check?

Lars

On 2010-11-24, at 16:59, Magnus Westerlund wrote:

> Joe Touch skrev 2010-11-23 18:07:
>> Just tell me what the preferred phrase is, and I can do a pass.
> 
> Thanks Joe,
> 
> I have proposed that we use Allocation as it appears to be slightly more
> matching from an english language point of view than Assign. However,
> Michelle had a preference for Assign. Frankly I don't think it matters,
> as long as we use only one of the terms.
> 
> When it comes to registration: We could call it "Allocation Request" and
> remove registration completely.
> 
> Cheers
> 
> Magnus
> 
> 
>> 
>> Joe
>> 
>> On 11/23/2010 6:40 AM, Magnus Westerlund wrote:
>>> Hi,
>>> 
>>> I think these changes are fine. That still leaves the changes regarding
>>> the usage of allocation vs assign and register. Is anyone willing to
>>> take this on. I would love, however, my son has been sick (just a cold)
>>> but it has resulted in me missing a number of work hours making it
>>> difficult for me to keep up with things. So I would love if someone was
>>> willing to do this pass.
>>> 
>>> Cheers
>>> 
>>> Magnus
>>> 
>>> Joe Touch skrev 2010-11-22 20:04:
>>>> PS - attached is a diff of the two XML files, which may make the changes
>>>> more clear.
>>>> 
>>>> Joe
>>>> 
>>>> 
>>>> On 11/22/2010 11:01 AM, Joe Touch wrote:
>>>>> See attached as a way to address the concerns.
>>>>> 
>>>>> Basically, I clarified that these are NOT binding (many times), and
>>>>> changed the word to "strives" (i.e., implying a goal), rather than
>>>>> indicating it as a hard rule.
>>>>> 
>>>>> Let me know if it answers the mail, or if I can help adjust further.
>>>>> 
>>>>> Joe
>>>>> 
>>>>> On 11/17/2010 11:46 PM, Magnus Westerlund wrote:
>>>>>> Joe Touch skrev 2010-11-18 01:45:
>>>>>>> Hi, Magnus,
>>>>>>> 
>>>>>>> The feedback from Paul suggests it would be useful to update Sec 7.
>>>>>>> 
>>>>>>> Despite the explicit warning - already in the doc - that these
>>>>>>> principles are NOT binding, it might be useful to discuss the issue of
>>>>>>> whether separate ports should be allocated for requests for new
>>>>>>> protocols.
>>>>>>> 
>>>>>>> I.e., http vs https is currently legacy. We already expect that new
>>>>>>> requests for nonsecure legacy services could result in a new, secure
>>>>>>> port.
>>>>>>> 
>>>>>>> The question is whether a brand new service should be allocated separate
>>>>>>> ports for secure and nonsecure variants.
>>>>>>> 
>>>>>>> The document discusses this point as follows:
>>>>>>> 
>>>>>>> o IANA will allocate only one assigned port number for all versions
>>>>>>> of a service (e.g., running the service with or without a security
>>>>>>> mechanism, or for updated variants of a service)
>>>>>>> 
>>>>>>> ...
>>>>>>> - Further,
>>>>>>> previous separation of protocol variants based on security
>>>>>>> capabilities (e.g., HTTP on TCP port 80 vs. HTTPS on TCP port 443) is
>>>>>>> not recommended for new protocols, because all new protocols should
>>>>>>> be security-capable and capable of negotiating the use of security
>>>>>>> in-band.
>>>>>>> 
>>>>>>> Here's the TLS summary
>>>>>>> for:
>>>>>>> Mike D'Errico
>>>>>>> Nico Williams
>>>>>>> against:
>>>>>>> Paul Hoffman
>>>>>>> Marsh Ray - really just wants default to secure
>>>>>>> Richard Hartman
>>>>>>> 
>>>>>>> Some just wanted security all the time:
>>>>>>> Geoffry Keating
>>>>>>> Mike D'Errico
>>>>>>> 
>>>>>>> I didn't see that they came to consensus on this issue. We can easily
>>>>>>> omit the security text altogether from this text if preferred, and let
>>>>>>> the TLS community make a final BCP recommendation.
>>>>>>> 
>>>>>>> However, despite their status as security experts, I find their logic
>>>>>>> disturbing. Port numbers themselves have no inherent security, so
>>>>>>> ultimately only the application can require a service to be secure
>>>>>>> anyway. Using port number blocking to assume security is laughable at
>>>>>>> best, so I stand by the current text.
>>>>>>> 
>>>>>>> IMO we already have enough wiggle words that this section isn't binding
>>>>>>> anyway. IMO, let the TLS folk create a BCP to the contrary, at which
>>>>>>> point some of us (me at least) will write a doc explaining why port
>>>>>>> numbers aren't security anyway ;-)
>>>>>> 
>>>>>> My view is that there seem to be no real security benefit from running
>>>>>> separate ports generally. One anyway has to live with the downgrade
>>>>>> attacks etc. Thus I think port space preservation is still the main goal.
>>>>>> 
>>>>>>> 
>>>>>>> Thoughts? Leave it? Take it out because a non-consensus subset
>>>>>>> disagrees?
>>>>>>> 
>>>>>> 
>>>>>> I would do some minor tweaks, at least to the following sentence:
>>>>>> 
>>>>>> IANA will allocate only one assigned port number for all versions
>>>>>> of a service (e.g., running the service with or without a security
>>>>>> mechanism, or for updated variants of a service)
>>>>>> 
>>>>>> People interpret the "will allocate only" very strict. I think we can
>>>>>> reword this to be one degree less strict. like:
>>>>>> 
>>>>>> IANA will with extremely few exceptions allocate only one assigned port
>>>>>> number for all versions of a service (e.g., running the service with or
>>>>>> without a security mechanism, or for updated variants of a service)
>>>>>> 
>>>>>> 
>>>>>> Cheers
>>>>>> 
>>>>>> Magnus Westerlund
>>>>>> 
>>>>>> ----------------------------------------------------------------------
>>>>>> Multimedia Technologies, Ericsson Research EAB/TVM
>>>>>> ----------------------------------------------------------------------
>>>>>> Ericsson AB | Phone +46 10 7148287
>>>>>> Färögatan 6 | Mobile +46 73 0949079
>>>>>> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
>>>>>> ----------------------------------------------------------------------
>>> 
>>> 
>> 
> 
> 
> -- 
> 
> Magnus Westerlund
> 
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
> _______________________________________________
> Port-srv-reg mailing list
> Port-srv-reg@ietf.org
> https://www.ietf.org/mailman/listinfo/port-srv-reg

v2.8.7 | Report a Bug | By Email