ietf

Re: Guidance needed on well known ports

2006-03-21 09:44:14
Stephane Bortzmeyer writes:
> On Sun, Mar 19, 2006 at 12:42:17PM -0800,
>  Ned Freed <ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote
>  a message of 35 lines which said:
>> The privileged port concept has some marginal utility on multiuser
>> systems where you don't want Joe-random-user to grab some port for a
>> well known service.
>
> "had", not "has". The concept was invented at a time when multi-user
> machines were rare and expensive monsters. So, a request coming from
> source port 513 probably was "serious". Today, any high school student
> is root on his PC and therefore this protection is almost useless.

Stephane, you are thinking of a different "security mechanism" based
on ports <1024 - the one used by the infamous Berkeley r* utilities to
decide whether to trust a client's credentials.  This mechanism
doesn't use well-known ports, but "ephemeral" ports <1024 on the
client side.  I think it is fairly much consensus that this kind of
mechanism became useless years ago, for the reason you state.

What we are collecting input on is for which kinds of use (if any) a
privileged/well-known (as opposed to just IANA "registered") *server*
port makes sense.
-- 
Simon.
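
The client-side mechanism discussed in this message, as an added example that is not part of the original thread: a server-side check of the client's source port in the style of the Berkeley r* daemons, exercised over loopback. The function names are illustrative assumptions, and the accepted range 512..1023 is the one BSD rshd used.

```python
import socket

IPPORT_RESERVED = 1024  # BSD constant: binding below this needs privilege

def rcmd_style_trust(peer_port):
    """r*-style server check: believe the client's claimed user only if its
    source port lies in the reserved range 512..1023."""
    return IPPORT_RESERVED // 2 <= peer_port < IPPORT_RESERVED

def observed_source_port(bind_port=0):
    """Connect to a loopback listener from bind_port (0 = kernel-chosen
    ephemeral port) and return the source port the server side sees."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.bind(("127.0.0.1", bind_port))
            cli.connect(srv.getsockname())
            conn, peer = srv.accept()
            conn.close()
            return peer[1]

def reserved_source_port():
    """Client side: scan 1023 down to 512 for a bindable source port.
    Returns the port the server saw, or None if the local kernel refused."""
    for port in range(IPPORT_RESERVED - 1, IPPORT_RESERVED // 2 - 1, -1):
        try:
            return observed_source_port(port)
        except PermissionError:
            return None      # this process lacks the privilege on this host
        except OSError:
            continue         # port busy, try the next one down
    return None

if __name__ == "__main__":
    eph = observed_source_port()
    print(f"ephemeral source port {eph}: trusted={rcmd_style_trust(eph)}")
    res = reserved_source_port()
    if res is None:
        print("reserved source port refused by the local kernel")
    else:
        # The server learns only that the client's own OS allowed the bind;
        # whoever administers that machine can always satisfy the check.
        print(f"reserved source port {res}: trusted={rcmd_style_trust(res)}")
```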
