Re: [Uta] Port 465
"Christian Huitema" <huitema@huitema.net> Mon, 10 March 2014 15:20 UTC
From: Christian Huitema <huitema@huitema.net>
To: 'Eliot Lear' <lear@cisco.com>, 'Chris Newman' <chris.newman@oracle.com>, "'Salz, Rich'" <rsalz@akamai.com>, uta@ietf.org
References: <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AAD89@USMBX1.msg.corp.akamai.com> <8691BA706C9BAB52D64A8444@96B2F16665FF96BAE59E9B90> <00cd01cf3b05$4e5fa500$eb1eef00$@huitema.net> <531D60FC.2090604@cisco.com>
In-Reply-To: <531D60FC.2090604@cisco.com>
Date: Mon, 10 Mar 2014 08:20:21 -0700
Message-ID: <020f01cf3c74$41845c20$c48d1460$@huitema.net>
On Sunday, March 9, 2014 11:52 PM, Eliot Lear wrote:
> On 3/8/14, 8:33 PM, Christian Huitema wrote:
>> The port collision is only a practical problem if the same server wants to
>> deploy both Secure SMTP submission and the experimental "URL Rendesvous
>> (sic) Directory for SSM."
>
> Routers running URD intercept all packets using port 465, regardless of
> destination.

That particularity of the URD design seems to be the root of the problem. It assumes that port numbers have global meaning, when the practice has always been that port numbers are locally assigned by host systems. Yes, there is an IANA registry, but its practical use is advisory, a convenience, not a hard-coded rule of the Internet. I suppose that the IAB could have an interesting debate on this subject.

The net result is that URD is hard to deploy, because ISPs will presumably be reluctant to break secure mail traffic and receive the corresponding amount of support calls.

If I was responsible for that product, I would explore design changes that minimize the issue. For example, using some form of IP anycast address, so the routers only have to intercept the packets that are meant to be intercepted. Or maybe put some kind of signature in the packet, like a TCP option that asks to "intercept me." Or a specific source port. There has to be a way to minimize the problem...

-- Christian Huitema