> For reasons other than security (e.g., see RFC 6335), TLS-only ports
> have been deprecated and discouraged over the years in various
> application protocols. For example, in Jabber/XMPP we once used port
> 5223 for SSL-only communications (this was in 1999-2004), and used port
> 5222 for unencrypted communications (similar to the HTTP convention of
> the day). When XMPP was standardized at the IETF in RFC 3920, the IESG
> told the XMPP WG to use STARTTLS upgrade on port 5222 (not a TLS-only
> port of 5223), and we complied.
This may be the current practice, but is it something that we want to keep or encourage? "Just starting TLS" is clearly simpler and more robust than first going through a "STARTTLS" negotiation. I think it would make perfect sense to allocate TLS-only ports for services that we want to transition to a "default TLS" posture. RFC 6335 explains why IANA should preserve the port-numbers resource, and we could do that by phasing out usage of the clear-text-only port, and then removing its registration.

-- Christian Huitema

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
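As an added example that is not part of the original thread or of any XMPP implementation, the Python sketch below walks through the client side of the STARTTLS upgrade on port 5222 that the two messages contrast with "just starting TLS" on a TLS-only port. The cleartext stream header, the `<stream:features/>` check, the `<starttls/>`/`<proceed/>` round trip and the namespaces follow RFC 3920 (now RFC 6120); `FakePeer`, `negotiate_starttls`, `StartTLSRefused` and the XML the fake server returns are constructed here so the exchange runs offline. The client raises rather than continuing in cleartext when the upgrade is not offered or is refused, which is the extra decision point implicit TLS never has to make.

```python
"""
Added example (not from the original thread or any XMPP project):
the two ways of getting TLS onto an XMPP connection.

  * implicit TLS on a TLS-only port (historically 5223): wrap the socket
    before any application byte is sent; nothing to negotiate.
  * STARTTLS on port 5222 (RFC 3920, now RFC 6120): open a cleartext XML
    stream, read <stream:features/>, check <starttls/> is offered, send
    <starttls/>, wait for <proceed/>, then wrap and restart the stream.

FakePeer is a constructed in-memory stand-in for the server; its replies are
hand-written after the RFC 6120 examples so the code runs offline.
"""
import ssl
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"


class StartTLSRefused(Exception):
    """Upgrade did not happen; the client must not continue in cleartext."""


class FakePeer:
    """Constructed server side of the socket: scripted replies, no network."""

    def __init__(self, offer_starttls=True, accept_starttls=True):
        self.offer_starttls = offer_starttls
        self.accept_starttls = accept_starttls
        self.inbox = []  # chunks the client will recv() next
        self.log = []    # everything the client sent in cleartext

    def send(self, data):
        self.log.append(data)
        if data.startswith(b"<stream:stream"):
            feature = (f"<starttls xmlns='{NS_TLS}'><required/></starttls>"
                       if self.offer_starttls else "")
            self.inbox.append(
                (f"<stream:stream xmlns='jabber:client' xmlns:stream='{NS_STREAM}' "
                 f"id='c2s-1' from='example.net' version='1.0'>"
                 f"<stream:features>{feature}</stream:features>").encode())
        elif data.startswith(b"<starttls"):
            reply = "proceed" if self.accept_starttls else "failure"
            self.inbox.append(f"<{reply} xmlns='{NS_TLS}'/>".encode())

    def recv(self):
        return self.inbox.pop(0)


def stream_header(domain):
    """Client's opening <stream:stream> tag; it stays unclosed for the stream's life."""
    return (f"<stream:stream to='{domain}' xmlns='jabber:client' "
            f"xmlns:stream='{NS_STREAM}' version='1.0'>").encode()


def read_until(parser, transport, tag):
    """Feed the incremental parser until an element with `tag` is complete."""
    while True:
        parser.feed(transport.recv())
        for _, elem in parser.read_events():
            if elem.tag == tag:
                return elem


def negotiate_starttls(transport, domain="example.net"):
    """Cleartext part of a STARTTLS upgrade. Returns "proceed" once the socket
    may be wrapped; raises StartTLSRefused if TLS is not offered or refused."""
    # XMPP is one long XML document, so use a pull parser that tolerates the
    # still-open <stream:stream> root element.
    parser = ET.XMLPullParser(events=("end",))
    transport.send(stream_header(domain))
    features = read_until(parser, transport, f"{{{NS_STREAM}}}features")
    if features.find(f"{{{NS_TLS}}}starttls") is None:
        raise StartTLSRefused("server did not offer <starttls/>")
    transport.send(f"<starttls xmlns='{NS_TLS}'/>".encode())
    parser.feed(transport.recv())
    for _, elem in parser.read_events():
        if elem.tag == f"{{{NS_TLS}}}proceed":
            return "proceed"  # caller now wraps the socket and opens a new stream
        if elem.tag == f"{{{NS_TLS}}}failure":
            raise StartTLSRefused("server answered <failure/>")
    raise StartTLSRefused("unexpected reply to <starttls/>")


def cleartext_bytes_before_tls(peer):
    """How much the client put on the wire unencrypted before TLS could start."""
    return sum(len(chunk) for chunk in peer.log)


def connect_implicit_tls(sock, server_hostname, ctx=None):
    """TLS-only port: the whole 'negotiation' is one call before any XMPP byte.
    Needs a real connected socket, so it is shown for contrast only."""
    ctx = ctx or ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=server_hostname)


if __name__ == "__main__":
    peer = FakePeer()
    print(negotiate_starttls(peer), cleartext_bytes_before_tls(peer), "cleartext bytes")
    for peer in (FakePeer(offer_starttls=False), FakePeer(accept_starttls=False)):
        try:
            negotiate_starttls(peer)
        except StartTLSRefused as e:
            print("refused:", e)
```

Run as a script it prints the successful upgrade with the count of bytes that crossed the wire unencrypted, then the two refusal cases; the implicit-TLS path has no such counter because nothing is sent before `wrap_socket`.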
