----- Original Message -----
From: "Lars Eggert" <lars(_dot_)eggert(_at_)nokia(_dot_)com>
To: "t.petch" <daedulus(_at_)btconnect(_dot_)com>
Cc: "Cullen Jennings" <fluffy(_at_)cisco(_dot_)com>; "IESG IESG" <iesg(_at_)ietf(_dot_)org>; "IETF discussion list" <ietf(_at_)ietf(_dot_)org>
Sent: Thursday, January 27, 2011 7:11 PM
On 2011-1-27, at 18:58, t.petch wrote:
And what happens when we have ProtocolX over SSH and ProtocolX over TLS?
Must they share a port, with ProtocolX, which has been quietly using its
assigned port for 20 years?
No. The expert reviewer can obviously assign a second port in that case (if
ProtocolX doesn't have a feature negotiation capability built in so that the
port could be shared.)
But we don't want to allocate multiple ports for the different security flavors
of *new* protocols. At least we want this to be the exception.
The expert team is (from what I hear) seeing frequent applications that look
like "Hi, we're company X and our foo protocol runs on TCP. We'd like a port for
that, and one for when we run foo over TLS."
</tp>
Right. What I had not noticed, although I have read several versions of this
I-D, is that it says a lot about new applications, and not much - if anything -
about old. I have never been involved in a new application, only with
retrofitting security to old, TLS or SSH, and so my views are coloured by that.
The expectation of WGs seems to be to expect a new port when adding either TLS
or SSH to something that has been happily chugging along for decades without it,
and I expect in future, the same to apply when adding SSH or TLS support to a
protocol with TLS or SSH support respectively, and would not want this I-D to
make that much more difficult.
Is there any text about this, old protocol, situation, for I cannot see any? Or
are we at the mercy of the expert reviewer?
Tom Petch
</tp>
Lars