Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Joe Touch <> Fri, 11 February 2011 23:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B9AD43A69D1; Fri, 11 Feb 2011 15:48:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -104.832
X-Spam-Status: No, score=-104.832 tagged_above=-999 required=5 tests=[AWL=1.167, BAYES_00=-2.599, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id R999rtvbCs87; Fri, 11 Feb 2011 15:48:48 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 902CD3A6838; Fri, 11 Feb 2011 15:48:48 -0800 (PST)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id p1BNmRUY005939 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Fri, 11 Feb 2011 15:48:27 -0800 (PST)
Message-ID: <>
Date: Fri, 11 Feb 2011 15:48:27 -0800
From: Joe Touch <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: Chris Newman <>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-ISI-4-43-8-MailScanner: Found to be clean
Cc: Magnus Westerlund <>, Paul Hoffman <>,, tsvwg <>
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 11 Feb 2011 23:48:50 -0000

FWIW, we have removed the text on this recommendation from this draft (a 
version will appear later today).

However, I'd still appreciate resolving this issue, or at least 
clarifying the two different positions in detail, as part of a different 
draft that focuses on advise to how ports are used:

That doc will be updated in the next few days with more than just 
placeholders, and I'll include space for this debate there as well.



On 2/9/2011 6:12 PM, Chris Newman wrote:
> I know I'm very late on this topic, but my position differs from others
> so I'll comment.
> I can not deny that separate-port for SSL is simpler to implement on the
> server side (having done both). Since the odds of security bugs
> increases with the amount of code, I must conclude that separate-port
> SSL is more secure for _implementers_ and _implementations_ for that
> reason alone.
> However, I believe STARTTLS is more secure for _operators_ and
> _administrators_. The separate port model creates an illusion that there
> is a "secure" and "insecure" variant of the protocol and that a single
> firewall setting magically makes the application secure. In general,
> this is not true. Most servers have several security settings and the
> default settings have to compromise between common practice,
> secure-by-default practice, deployability, management complexity and
> usability. There is, in general, no way to make a server installation
> secure for a given site other than to understand the security settings
> that server provides and set them properly.
> A protocol that uses STARTTLS thus has the advantage of forcing the
> administrator/operator to look at the server's security settings to make
> the installation secure, thus increasing the odds of success relative to
> the separate-port model where an administrator might falsely assume
> they're done after blocking the non-SSL port.
> While I think the judgment call is close for
> separate-port-SSL-vs-STARTTLS, I prefer STARTTLS weighing all the factors.
> And for the record I'm responsible for TLS integration into a server
> product and maintain all the relevant code and find STARTTLS maintenance
> annoying. I'm also author of RFC 2595, so perhaps that balances out my
> bias as an implementer. ;-)
> It's also my opinion that a high quality client should use a "latched"
> model by default. If the client ever sees "STARTTLS" advertised and
> negotiates it successfully, the client records the fact in a local
> operations file that it used STARTTLS with server X. Subsequent to that
> it will require STARTTLS with server X and not back off. I will note
> that implementation strategy is simpler with the STARTTLS model than
> with the separate port model.
> As an aside, there is no interoperable specification for use of TLS
> client certificate authentication with the "pops" protocol (does it
> start in not-authenticated state and require an AUTH EXTERNAL, or does
> it start in authenticated state -- no way to distinguish the two cases).
> However, use of TLS client certificate authentication with POP+STLS
> according to written rules in RFC 2595 does interoperate.
> - Chris
> --On November 8, 2010 11:14:35 +0800 Magnus Westerlund
> <> wrote:
>> TLS experts,
>> There currently a WG last call ongoing in on the IANA Procedures for the
>> Management of the Service Name and Transport Protocol Port Number
>> Registry update document.
>> A WG last call comment on this document was raised by Paul Hoffman:
>> My summary of that comment is that STARTTLS for SMTP (RFC 3207) has
>> shown to have some security issues, be complexer to implement than using
>> two ports and thus less popular. Thus the registration rules should be
>> less restrictive in assigning an additional port for TLS version of
>> services/applications/protocols.
>> The downside of less restrictive port allocation rules is that the port
>> space will be consumed at a higher rate. Thus there is need to determine
>> what is the most suitable trade-off here.
>> Clearly if the security issues are serious when one multiplex TLS and
>> non-secured version of the protocol on the same port we must allow such
>> port allocations. However if the issues are minor and the primarily
>> issue is implementation complexity then saving the limited port space is
>> probably more important.
>> Your input into these questions would be very appreciated.
>> Thanks
>> Magnus Westerlund
>> ----------------------------------------------------------------------
>> Multimedia Technologies, Ericsson Research EAB/TVM
>> ----------------------------------------------------------------------
>> Ericsson AB | Phone +46 10 7148287
>> Färögatan 6 | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden| mailto:
>> ----------------------------------------------------------------------
>> _______________________________________________
>> TLS mailing list