IETF Logo Mail Archive

Re: [Uta] Port 465

"Christian Huitema" <huitema@huitema.net> Sat, 08 March 2014 19:33 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DB3D1A0172 for <uta@ietfa.amsl.com>; Sat, 8 Mar 2014 11:33:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6jVn2opPIJn for <uta@ietfa.amsl.com>; Sat, 8 Mar 2014 11:33:47 -0800 (PST)
Received: from xsmtp02.mail2web.com (xsmtp02.mail2web.com [168.144.250.215]) by ietfa.amsl.com (Postfix) with ESMTP id 2717F1A02A9 for <uta@ietf.org>; Sat, 8 Mar 2014 11:33:47 -0800 (PST)
Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp02.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1WMN08-0000Xn-5E for uta@ietf.org; Sat, 08 Mar 2014 14:33:42 -0500
Received: (qmail 18094 invoked from network); 8 Mar 2014 19:33:39 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for <chris.newman@oracle.com>; 8 Mar 2014 19:33:38 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Chris Newman' <chris.newman@oracle.com>, "'Salz, Rich'" <rsalz@akamai.com>, uta@ietf.org
References: <2A0EFB9C05D0164E98F19BB0AF3708C711FB9AAD89@USMBX1.msg.corp.akamai.com> <8691BA706C9BAB52D64A8444@96B2F16665FF96BAE59E9B90>
In-Reply-To: <8691BA706C9BAB52D64A8444@96B2F16665FF96BAE59E9B90>
Date: Sat, 08 Mar 2014 11:33:37 -0800
Message-ID: <00cd01cf3b05$4e5fa500$eb1eef00$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQLqr/Z6nmm4DB8XqlI3Q1K4INyh6QF0qVgsmJUAX3A=
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/k_DDnv9qcA7esWkXbn4L-U6TRIY
Subject: Re: [Uta] Port 465
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Mar 2014 19:33:49 -0000

>   This is a one time procedural exception to the rules in RFC 6335.
>  This requires explicit IESG approval and does not set a precedent.
>   Historically, port 465 was briefly registered as the "smtps" port.
>   This registration made no sense as the SMTP transport MX
>   infrastructure has no way to specify a port so port 25 is always
>   used.  As a result, the registration was revoked and was subsequently
>   reassigned to a different service.  In hindsight, the "smtps"
>   registration should have been renamed or reserved rather than
>   revoked.  Unfortunately, some widely deployed mail software
>   interpreted "smtps" as "submissions" [RFC6409] and used that port for
>   email submission by default when an end-user requests security during
>   account setup.  If a new port is assigned for the submissions
>   service, email software will either continue with unregistered use of
>   port 465 (leaving the port registry inaccurate relative to de-facto
 >  practice and wasting a well-known port), or confusion between the de-
 >  facto and registered ports will cause harmful interoperability
>   problems that will deter use of TLS for message submission.  The
>  authors believe both of these outcomes are less desirable than a wart
>   in the registry documenting real-world usage of a port for two
 > purposes.  Although STARTTLS-on-port-587 has deployed, it has not
 >  replaced deployed use of implicit TLS submission on port 465.

Updating mail agents to use another port is of course possible, but in
practice will require manual configuration of each and every agent. It would
have to be synchronized between servers and clients, which makes automated
updates pretty hard. In short, any drastic action is likely to disrupt the
deployment of SMTP Submission over TLS. We are trying to get more
disruption, not less, so we should not mandate a change of port on a large
number of deployed clients and servers.

The port collision is only a practical problem if the same server wants to
deploy both Secure SMTP submission and the experimental "URL Rendesvous
(sic) Directory for SSM." Do we know whether that is a problem in practice?
I suspect that the overlap between the two usages is quite small, and that
if any port migration is required, it will only concern a small number of
servers deploying both services.

Given that, it is probably better that the IANA directory recognizes usage.
IANA should document that traffic on TCP port 465 can be either of those
protocols. Or alternatively, mark TCP 465 as "reserved" and just pick a
different port for SSM...

-- Christian Huitema

v2.23.0 | Report a Bug | By Email