[BXXPwg] re draft-mrose-bxxp-design-00.txt
Wed, 08 Nov 2000 12:45:24 -0800
> ... in contrast, a server implementing an application
> protocol that is TLS-enabled listens on a single port for plaintext
> traffic; once a connection is established, the use of TLS is
> negotiated by the peers.
This isn't a property of TLS itself -- it's simply how "we" ("we" being the
folks that've written foo-over-tls drafts/rfcs, e.g. rfc2817, rfc2830) thought
foo-over-tls (or foo-over-ssl, or foo-over-whatever-session-layer for that
matter) ought to be done, in contrast to the then-prevailing approach of
allocating two well-known ports in
http://www.isi.edu/in-notes/iana/assignments/port-numbers (e.g. http|https,
ldap|ldaps, and so on).
I'd heard that the IESG "said" that they would no longer bless allocation of
separate "secure" and "unsecured" ports for a given protocol -- rather they'd
allocate a single port and it's up to the protocol to have a mechanism for
instantiating a secure session layer if desired -- but I'm unable to find an
actual proclamation saying that.
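The single-port, negotiate-in-band approach the quoted draft describes (as in the RFC 2817 / RFC 2830 style of upgrade) in working Go, as an added example that is not part of this post or of the BXXP draft: the server listens on one plaintext port and only wraps the connection in TLS after the client asks, with the client verifying the server certificate once the upgrade happens. The `STARTTLS` verb and `OK`/`ERR` replies are a hypothetical line protocol invented for the demo, and the certificate is generated at run time for it.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// demoCert makes a throwaway self-signed certificate at run time (constructed for this demo only).
func demoCert() (tls.Certificate, *x509.CertPool) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool(); pool.AddCert(leaf) // the client trusts exactly this certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// serve answers one plaintext connection on the single port; TLS starts only after the peer asks.
// Exactly one line is read before upgrading: bytes buffered past the verb would be lost to TLS.
func serve(c net.Conn, cert tls.Certificate) {
	defer c.Close()
	if l, _ := bufio.NewReader(c).ReadString('\n'); l != "STARTTLS\r\n" { fmt.Fprint(c, "ERR expected STARTTLS\r\n"); return }
	fmt.Fprint(c, "OK begin TLS\r\n") // last plaintext bytes; everything after this is TLS records
	tc := tls.Server(c, &tls.Config{Certificates: []tls.Certificate{cert}})
	if msg, err := bufio.NewReader(tc).ReadString('\n'); err == nil { fmt.Fprintf(tc, "ECHO %s", msg) } // app data only inside TLS
}

// Upgrade runs client and server on one ephemeral port and returns the server's echo of msg.
func Upgrade(msg string) (string, error) {
	cert, pool := demoCert()
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return "", err }
	go func() { defer ln.Close(); if c, e := ln.Accept(); e == nil { serve(c, cert) } }()
	c, err := net.Dial("tcp", ln.Addr().String())
	if err != nil { return "", err }
	defer c.Close()
	fmt.Fprint(c, "STARTTLS\r\n")
	if r, _ := bufio.NewReader(c).ReadString('\n'); r != "OK begin TLS\r\n" { return "", fmt.Errorf("refused: %q", r) }
	tc := tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "localhost"}) // verify the peer, never skip it
	fmt.Fprint(tc, msg+"\r\n")
	return bufio.NewReader(tc).ReadString('\n')
}
```

`Upgrade("hello")` returns `"ECHO hello\r\n"`; the point to keep in mind when writing such an upgrade is the one in the `serve` comment, that nothing read from the plaintext phase may be carried over into, or mistaken for, data protected by the session layer.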