On 6/22/14, 5:09 PM, Stephen Farrell wrote:
> On 23/06/14 00:02, Christian Huitema wrote:
>> This may be the current practice, but is it something that we want to keep
>> or encourage? "Just starting TLS" is clearly simpler and more robust than
>> first going through a "STARTTLS" negotiation. I think it would make perfect
>> sense to allocate TLS-only ports for services that we want to transition to
>> a "default TLS" posture. RFC 6335 explains why IANA should preserve the
>> port-numbers resource, and we could do that by phasing out usage of the
>> clear-text only port, and then removing its registration.
>
> That seems like a good strategic approach to me, where we can
> get it agreed. I suspect it's not for this WG though, but yeah,
> maybe sometime in the not-too-distant we can deprecate some
> clear-text ports. (I wonder which would be the first where that
> is practical?)
In XMPP, we have a way of signaling whether TLS negotiation is required,
and as of May 19th of this year the entire network has moved in that
direction:
https://github.com/stpeter/manifesto/blob/master/manifesto.txt
So I don't see that a TLS-only port (or two ports, since we have
separate ports for client-to-server and server-to-server connections)
does us any good, at least in the XMPP community. It sounds nice in
theory (we're more secure!), but in practice it makes no difference.
And I, for one, don't want to fight the RFC 6335 battles again.
Peter
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
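The in-band TLS signalling Peter refers to is the STARTTLS stream feature of RFC 6120 (section 5): the server advertises `<starttls/>`, optionally with `<required/>`, the client answers with its own `<starttls/>`, and the server replies `<proceed/>` or `<failure/>` before the TLS handshake starts. The following is an added example written for this page, not code from the thread, from the manifesto, or from any XMPP implementation. It parses the server's feature advertisement, walks through both sides of the exchange, and handles the case the "just start TLS" argument is really about: a server (or a man-in-the-middle) that does not advertise the feature at all. The `<stream:features>` samples are constructed and modelled on the RFC's examples; they declare the `stream` namespace locally only so they parse stand-alone, and all function names are my own.

```python
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample stream-feature advertisements (not captured traffic),
# modelled on the examples in RFC 6120 section 5.  A real server declares
# xmlns:stream on the <stream:stream> root; it is repeated here so each
# fragment parses on its own.
FEATURES_REQUIRED = (
    f"<stream:features xmlns:stream='{STREAM_NS}'>"
    f"<starttls xmlns='{TLS_NS}'><required/></starttls>"
    "</stream:features>"
)
FEATURES_OPTIONAL = (
    f"<stream:features xmlns:stream='{STREAM_NS}'>"
    f"<starttls xmlns='{TLS_NS}'/>"
    "</stream:features>"
)
# What a client sees when the server does not offer TLS, or when an active
# attacker has stripped the feature from a TLS-capable server's advertisement.
FEATURES_STRIPPED = (
    f"<stream:features xmlns:stream='{STREAM_NS}'>"
    f"<mechanisms xmlns='{SASL_NS}'><mechanism>PLAIN</mechanism></mechanisms>"
    "</stream:features>"
)


def starttls_advertised(features_xml: str) -> str:
    """Classify the STARTTLS feature as 'required', 'optional' or 'absent'."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{STREAM_NS}}}features":
        raise ValueError("not a stream:features element")
    starttls = root.find(f"{{{TLS_NS}}}starttls")
    if starttls is None:
        return "absent"
    if starttls.find(f"{{{TLS_NS}}}required") is not None:
        return "required"
    return "optional"


def client_next_step(features_xml: str, client_requires_tls: bool = True) -> str:
    """Return the stanza the client sends next, or a decision string.

    With client_requires_tls=True (the posture the manifesto asks for) a
    missing feature is treated exactly like a refused negotiation: the
    client aborts instead of continuing in cleartext, so stripping the
    feature buys an attacker a failed connection rather than a plaintext one.
    """
    state = starttls_advertised(features_xml)
    if state in ("required", "optional"):
        return f"<starttls xmlns='{TLS_NS}'/>"
    if client_requires_tls:
        return "abort"
    return "continue-plaintext"


def server_tls_response(accepted: bool) -> str:
    """Server's reply to the client's <starttls/> (RFC 6120 5.4.2.2 / 5.4.2.3)."""
    return f"<{'proceed' if accepted else 'failure'} xmlns='{TLS_NS}'/>"


def client_handle_response(response_xml: str) -> bool:
    """True when the server answered <proceed/>, i.e. the TLS handshake starts now."""
    el = ET.fromstring(response_xml)
    if el.tag == f"{{{TLS_NS}}}proceed":
        return True
    if el.tag == f"{{{TLS_NS}}}failure":
        return False
    raise ValueError("unexpected reply to STARTTLS")


def exchange(features_xml: str, server_accepts: bool = True,
             client_requires_tls: bool = True) -> list:
    """Simulate the feature/starttls/proceed round trip as (side, message) pairs.

    The last entry is ('result', 'tls'), ('result', 'abort') or
    ('result', 'plaintext') so callers can see how the connection ended.
    """
    transcript = [("server", features_xml)]
    step = client_next_step(features_xml, client_requires_tls)
    if step in ("abort", "continue-plaintext"):
        transcript.append(("result", "abort" if step == "abort" else "plaintext"))
        return transcript
    transcript.append(("client", step))
    reply = server_tls_response(server_accepts)
    transcript.append(("server", reply))
    transcript.append(("result", "tls" if client_handle_response(reply) else "abort"))
    return transcript


if __name__ == "__main__":
    for name, feats in (("required", FEATURES_REQUIRED),
                        ("optional", FEATURES_OPTIONAL),
                        ("stripped", FEATURES_STRIPPED)):
        print(name, "->", exchange(feats)[-1][1])
```

The decision that matters sits in `client_next_step`: a `<required/>` flag protects nothing by itself, because the party that can strip it is the same party that would strip the whole feature. What makes a STARTTLS deployment as strong as a TLS-only port, from the client's side, is the client refusing to continue when the feature is absent; without that local policy, a stripped advertisement degrades silently to the cleartext SASL path shown in the third sample.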