Re: Security issues with draft-ietf-tsvwg-iana-ports-08

Joe Touch <touch@isi.edu> Tue, 09 November 2010 19:52 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7BCBD3A6A25 for <tsvwg@core3.amsl.com>; Tue, 9 Nov 2010 11:52:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I46Z6G2ZlG1Q for <tsvwg@core3.amsl.com>; Tue, 9 Nov 2010 11:52:29 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) by core3.amsl.com (Postfix) with ESMTP id 6BA8F3A6911 for <tsvwg@ietf.org>; Tue, 9 Nov 2010 11:52:29 -0800 (PST)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id oA9JqeGm016092 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Tue, 9 Nov 2010 11:52:40 -0800 (PST)
Message-ID: <4CD9A688.9090302@isi.edu>
Date: Tue, 09 Nov 2010 11:52:40 -0800
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Subject: Re: Security issues with draft-ietf-tsvwg-iana-ports-08
References: <4CCD6B0B.5040804@isode.com> <p06240842c8f7b9ba2577@[10.20.30.150]> <4CD27ECF.1010500@cisco.com> <p06240802c8f8882552b4@[10.20.30.150]> <4CD2FAEB.5020606@cisco.com> <4CD4B053.8010001@ericsson.com> <p0624082dc8fb3842cc69@[10.20.30.150]> <4CD764F1.9060700@ericsson.com>
In-Reply-To: <4CD764F1.9060700@ericsson.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: oA9JqeGm016092
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 19:52:30 -0000

On 11/7/2010 6:48 PM, Magnus Westerlund wrote:
...
> Ok, I don't know about that. I did a bit of looking on the number of
> port numbers that includes TLS in their comments fields. It appears that
> the number is around 55 ports assigned today for TCP (106 occurrences at
> http://www.iana.org/assignments/port-numbers). Searching for SSL (184
> hits), Secure (157 hits). Considering that most TCP based protocols also
> got an UDP port, the actual number of services using TLS/SSL or being
> for the secure version seems to be around 100.

FWIW, that last part hasn't been true for a few years now. IANA doesn't 
give both UDP and TCP; each protocol needs to be requested specifically 
and motivated individually.

We also recently started to label UDP ports used solely for discovery as 
-disc (this is a *suggestion* to applicants, not a hard requirement).

Old protocols are, FWIW, intended to be handled as per the wiggle words 
at the beginning of Sec 7.2. Again, this is NOT BINDING. It's intended 
to inform the public about the current view, which can (and will) change.

Perhaps those items shouldn't even be in this doc? (omit sec 7?)

Joe