On Tue, Feb 1, 2011 at 2:14 AM, Magnus Westerlund
<magnus.westerl...@ericsson.com> wrote:
> Cullen Jennings skrev 2011-01-31 18:44:
>>
>> Magnus, I agree with what you are saying here but you are avoiding the issue 
>> I am concerned with. Is allocating a second port for the secure version of a 
>> document a frivolous use case or not? I read this draft as saying it is. 
>> Others read the draft as saying it is not and that type of allocation is 
>> fine. This seems fairly easy to deal with - first let's agree if particular 
>> 2nd port for secure version is a reason to reject requests or not then see 
>> if any text needs to be adjusted in the draft to reflect that.
>
> Well, frankly I don't know. I think it is something that can be avoided
> going forward in many use cases, but not all. Simply by thinking of this
> issue in the design phase. In addition there are clearly other solutions
> there other considerations, like NAT traversal has said, yes
> multiplexing is a must, thus live with even higher complexity costs.
>
> The issue I have a problem with is that if we say on a general basis that
> due to negotiation of security protocols we are allowed to use different
> ports for negotiation or simply usage of it. Then why is that different
> from different versions of the protocol, or feature support. What is the
> difference for a security protocol compared to these other issues?
>
> What I am worried here is that we will see an increased port consumption
> rather than a decreased one. At the current run rate I think the
> estimate is 50 years+ before run out. That is something that I am
> reasonably comfortable, but if the consumption rate increases four
> times, then I am suddenly not comfortable. So I am pretty certain that
> we need to aim at lowering the consumption rather than raising it.
>
> As I see it there is only one way of doing it.
>
> - State clearly that you really need to do everything reasonable so that
> your application is only for one port.
> - Be reasonably tough from the expert reviewer to ensure that applicants
> have done this.
>
> And from that perspective I don't think security is special in any way.
> It is only one of several things that could potentially require
> additional registered ports. Yes security is important, but as
> previously discussed it doesn't appear that the actual level of security
> provided is different if you are forced to use one port or two. It might
> affect the ease of implementation and deployment of security, which is
> another aspect of impact.
>
>
> Cheers
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerl...@ericsson.com
> ----------------------------------------------------------------------
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>