<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- saved from url=(0066)https://lists.w3.org/Archives/Public/ietf-tls/1997JanMar/0079.html -->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="generator" content="hypermail 2.3.1, see http://www.hypermail-project.org/">
<title>NEW DRAFT: Regularizing Port Numbers for SSL. from Christopher Allen on 1997-02-07 (ietf-tls@w3.org from January to March 1997)</title>
<meta name="Author" content="Christopher Allen (ChristopherA@consensus.com)">
<meta name="Subject" content="NEW DRAFT: Regularizing Port Numbers for SSL.">
<meta name="Date" content="1997-02-07">
<link rel="stylesheet" href="./NEW DRAFT_ Regularizing Port Numbers for SSL. from Christopher Allen on 1997-02-07 (ietf-tls@w3.org from January to March 1997)_files/public-message" type="text/css">
<link rel="alternate stylesheet" title="Shorter view" href="https://www.w3.org/StyleSheets/Mail/style-short.css">
<link rel="help" href="https://lists.w3.org/Help/">
<link rel="start" href="https://lists.w3.org/Archives/Public/ietf-tls/" title="ietf-tls@w3.org archives">
</head>
<body>
<div class="head">
<h1>NEW DRAFT: Regularizing Port Numbers for SSL.</h1>
<!-- received="Fri Feb 7 17:28:49 1997" -->
<!-- isoreceived="19970207172849" -->
<!-- sent="Fri, 7 Feb 1997 14:27:43 -0800" -->
<!-- isosent="19970207222743" -->
<!-- name="Christopher Allen" -->
<!-- email="ChristopherA@consensus.com" -->
<!-- subject="NEW DRAFT: Regularizing Port Numbers for SSL." -->
<!-- id="v03101406af215a4fc3b3@[157.22.240.12]" -->
<!-- charset="us-ascii" -->
<!-- expires="-1" -->
</div>
<!-- body="start" -->
<div class="mail">
<address class="headers">
<span id="from">
<dfn>From</dfn>: Christopher Allen &lt;<a href="mailto:ChristopherA@consensus.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ChristopherA@consensus.com</a>&gt;
</span><br>
<span id="date"><dfn>Date</dfn>: Fri, 7 Feb 1997 14:27:43 -0800</span><br>
<span id="message-id"><dfn>Message-Id</dfn>: &lt;v03101406af215a4fc3b3@[157.22.240.12]&gt;
</span><br>
<span id="to"><dfn>To</dfn>: <a href="mailto:ssl-talk@netscape.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ssl-talk@netscape.com</a>, <a href="mailto:ietf-tls@w3.org?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ietf-tls@w3.org</a>
</span><br>
<span id="cc"><dfn>Cc</dfn>: Win Treese &lt;<a href="mailto:treese@OpenMarket.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">treese@OpenMarket.com</a>&gt;, "Jeffrey I. Schiller" &lt;<a href="mailto:jis@mit.edu?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">jis@mit.edu</a>&gt;
</span><br>
</address>
<pre id="body"><a name="start79" accesskey="j" id="start79"></a>I believe that this new draft addresses the concerns brought up on the
SSL-Talk and IETF-TLS lists, yet still allows us to move forward for those
who need to interoperate now.

If you have any comments about these specific requests, please cc: both
lists, &lt;<a href="mailto:SSL-Talk@netscape.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">SSL-Talk@netscape.com</a>&gt; and &lt;<a href="mailto:ietf-tls@w3.org?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ietf-tls@w3.org</a>&gt;. However, any comments
regarding requirements for single port/port mapping solutions should be
exclusively on &lt;<a href="mailto:ietf-tls@w3.org?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ietf-tls@w3.org</a>&gt; as that will be in our queue for future
standards work.

I will be sending the final version of this request to the IANA on
Wednesday, November 12th.

---------
The SSL 3.0 protocol has the broadest implementation of any security
standard to date, with both Netscape and Microsoft using it in their
popular servers and browsers. SSL 3.0 has been submitted to the TLS working
group of the IETF, and is proceeding out of internet-draft status under
a new name, TLS.

Tim Dierks and I are editors for that working group, Win Treese
&lt;<a href="mailto:treese@OpenMarket.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">treese@OpenMarket.com</a>&gt; is the working group chair, and Jeff Schiller
&lt;<a href="mailto:jis@mit.edu?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">jis@mit.edu</a>&gt; is the IESG area director over the WG.

Tim and I have two documents undergoing revision:
&lt;draft-ietf-tls-protocol-00.txt&gt; &amp; &lt;draft-ietf-tls-ssl-mods-00.txt&gt;, which
were approved during the last working group meeting in San Jose, and are
being merged into one draft as we speak.

One area that I am trying to resolve is the port and port naming issues
with TLS/SSL.

As a transport layer security standard, TLS/SSL can work transparently with
existing application level protocols (such as http, nntp, nttp) without
*any* change to the protocol other than using a different port number. As
an example, the popular http protocol uses port 80, and the SSL enabled
version of http uses 443.

It is possible for a single port to be used for both unsecure and secure
uses, however, this requires two things:

* Changes in the application level protocols which must
  be separately adopted by each working group over such
  protocols. An example of changes that would allow for
  a single port in the FTP protocol is covered in
  &lt;draft-murray-auth-ftp-ssl-00.txt&gt;

* Support by firewalls to understand and resolve
  use of a single port for both unsecure and secure uses.

It is also possible that there could be a single port/port mapping solution
to allow any protocol to be used with TLS without port proliferation,
however, after considerable discussion in the TLS working group there is no
easy design that resolves both architecture and security issues. We have
agreed to add to the TLS agenda and charter to resolve this problem in the
future.

Thus, until each protocol is revised to allow for authentication under a
single port, or a single port/port mapping solution is architected, we will
require separate ports for TLS/SSL implementations of the most popular
protocols.

There are a number of ports currently registered with the IANA for use
by the SSL protocol. They are:

https           443/tcp    https
ssmtp           465/tcp    ssmtp
snews           563/tcp    snews
ssl-ldap        636/tcp    ssl-ldap
spop3           995/tcp    SSL based POP3

As the above registrations are inconsistent, and most don't even mention
SSL or TLS, we would like to get these port assignments and names
regularized in the listing as follows:

https           443/tcp    http protocol over TLS/SSL
smtps           465/tcp    smtp protocol over TLS/SSL (was ssmtp)
nntps           563/tcp    nntp protocol over TLS/SSL (was snntp)
ldaps           636/tcp    ldap protocol over TLS/SSL (was sldap)
pop3s           995/tcp    pop3 protocol over TLS/SSL (was spop3)

There is also currently a desire among existing SSL implementors to
register a number of additional port mappings for other protocols such as
ftp. We want to avoid port proliferation as much as possible until we have
a long term solution, so we have limited these requests to those protocols
in which we have received commitments from a minimum of 2 independent
implementations by developers.

We have been told that some of these individual implementors may have
attempted to register ports for these uses of SSL, but as of today they
have not received registration for these assignments.

We would like to suggest the following:

ftps-data       889/tcp    ftp protocol, data, over TLS/SSL
ftps            990/tcp    ftp protocol, control, over TLS/SSL
imaps           991/tcp    imap4 protocol over TLS/SSL
telnets         992/tcp    telnet protocol over TLS/SSL
ircs            993/tcp    irc protocol over TLS/SSL

I also have a question -- who requested the following service? We don't
know if it is our SSL or something else with the same acronym.

naming-iiop-ssl 261/tcp    IIOP Naming Service (SSL)

Under your procedures, you ask for answers to the following questions:

1) What is the protocol between the user machine and the server
machine?

It is the TLS 1.0 or SSL 3.0 protocol as defined in
&lt;draft-ietf-tls-protocol-00.txt&gt; &amp; &lt;draft-ietf-tls-ssl-mods-00.txt&gt;.

2) What message formats, types, op codes, sequences are used?

It is the TLS 1.0 or SSL 3.0 protocol as defined in
&lt;draft-ietf-tls-protocol-00.txt&gt; &amp; &lt;draft-ietf-tls-ssl-mods-00.txt&gt;.

3) What functions are performed by this protocol?

Securing and authenticating the transport independently of the application
protocol.

4) Is broadcast or multicast used? If so, how and what for?

No -- TCP only is defined by TLS/SSL at this point, however, we'd like to
at least hold the UDP ports in reserve for the future.

5) Do you want a well-known assigned system port in the range 0-1023,
or a registered user port in the range 1024-65535 ?

They need to be in the well known range as they are largely being
implemented initially by unix developers who want to be sure that it is the
well-known range.

6) What short name (14 character maximum) do you want associated with
this port number?

ftps-data       889/tcp    ftp protocol, data, over TLS/SSL
ftps            990/tcp    ftp protocol, control, over TLS/SSL
imaps           991/tcp    imap4 protocol over TLS/SSL
telnets         992/tcp    telnet protocol over TLS/SSL
ircs            993/tcp    irc protocol over TLS/SSL

If there are any questions as to our authority to request such changes,
these changes have been run by the WG Chair, Win Treese
&lt;<a href="mailto:treese@OpenMarket.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">treese@OpenMarket.com</a>&gt; and Jeff Schiller &lt;<a href="mailto:jis@mit.edu?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">jis@mit.edu</a>&gt; is the IESG area
director over the TLS WG. In addition, these requests were run by Netscape,
Microsoft, the SSL-Talk mailing list and the IETF-TLS working group mailing
list, and rough consensus was achieved before being sent to you.

If you have any questions, please feel free to give me a call at
510/559-1500 or email me at Christopher Allen &lt;<a href="mailto:ChristopherA@consensus.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ChristopherA@consensus.com</a>&gt;.

------------------------------------------------------------------------
..Christopher Allen                  Consensus Development Corporation..
..&lt;<a href="mailto:ChristopherA@consensus.com?Subject=Re%3A%20NEW%20DRAFT%3A%20Regularizing%20Port%20Numbers%20for%20SSL.&amp;In-Reply-To=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E&amp;References=%3Cv03101406af215a4fc3b3%40%5B157.22.240.12%5D%3E">ChristopherA@consensus.com</a>&gt;                 1563 Solano Avenue #355..
..                                             Berkeley, CA 94707-2116..
..Home of "SSL Plus:                       o510/559-1500 f510/559-1505..
.. SSL 3.0 Integration Suite(tm)"  &lt;<a href="http://www.consensus.com/SSLPlus/">http://www.consensus.com/SSLPlus/</a>&gt;..
</pre>
<span id="received"><dfn>Received on</dfn> Friday, 7 February 1997 17:28:49 UTC</span>
</div>
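<p>The single-port case described in the message above requires a firewall to tell secure from unsecure traffic by the first bytes a client sends rather than by port number. The following sketch of that check is an added example, not part of the original message or of the drafts it cites; the port table copies the numbers listed in this draft, and the function names and sample byte strings are constructed for illustration.</p>

```python
# Added example: classify a connection's first bytes, as a firewall would
# need to if one port carried both plaintext and TLS/SSL traffic.

# Port/name pairs exactly as listed in this draft (registered and requested).
DRAFT_TLS_PORTS = {
    443: "https", 465: "smtps", 563: "nntps", 636: "ldaps", 995: "pop3s",
    889: "ftps-data", 990: "ftps", 991: "imaps", 992: "telnets", 993: "ircs",
}

HANDSHAKE = 0x16      # record ContentType "handshake" (SSL 3.0 / TLS)
CLIENT_HELLO = 0x01   # first handshake message a client sends
MAX_RECORD = 1 << 14  # largest plaintext record fragment


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-record', 'sslv2-hello', 'plaintext' or 'need-more-data'.

    Anything that is not a recognisable client hello counts as plaintext.
    """
    if len(data) < 6:
        return "need-more-data"
    # SSL 3.0 / TLS record header: type(1) major(1) minor(1) length(2),
    # followed by the handshake message type.
    if data[0] == HANDSHAKE and data[1] == 0x03:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= MAX_RECORD and data[5] == CLIENT_HELLO:
            return "tls-record"
        return "plaintext"
    # SSL 2.0-format hello: 2-byte length with the high bit set, message
    # type 1, then the offered version (0x0002, or 0x03xx for SSL 3.0/TLS).
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        length = ((data[0] & 0x7F) << 8) | data[1]
        version_ok = data[3] == 0x03 or (data[3], data[4]) == (0x00, 0x02)
        if length >= 9 and version_ok:
            return "sslv2-hello"
    return "plaintext"


def check_connection(port: int, first_bytes: bytes) -> tuple:
    """Pair the observed traffic kind with whether it fits the port's listing."""
    kind = classify_first_bytes(first_bytes)
    if kind == "need-more-data":
        return kind, "undecided"
    secured = kind != "plaintext"
    expected = port in DRAFT_TLS_PORTS
    return kind, ("matches" if secured == expected else "mismatch")


# Constructed sample inputs (not captured traffic).
TLS_HELLO = bytes.fromhex("160301002f0100002b0301")
SSL2_HELLO = bytes.fromhex("802e0103000015000000100100800700c0")
PLAINTEXT = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for port, data in [(443, TLS_HELLO), (443, SSL2_HELLO),
                       (443, PLAINTEXT), (80, PLAINTEXT), (80, TLS_HELLO)]:
        print(port, *check_connection(port, data))
```

<p>With separate ports, as the message requests, the port lookup alone decides what to expect; the byte inspection is the extra work a shared port would push onto every firewall.</p>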
<!-- body="end" -->
<!-- trailer="footer" -->
<p><small><em>
This archive was generated by <a href="http://www.hypermail-project.org/">hypermail 2.3.1</a>
: Tuesday, 6 January 2015 20:02:00 UTC
</em></small></p>
</body></html>