[BXXPwg] re draft-mrose-bxxp-design-00.txt

bxxpwg@invisibleworlds.com
Wed, 08 Nov 2000 12:45:24 -0800


>                ...  in contrast, a server implementing an application
>    protocol that is TLS-enabled listens on a single port for plaintext
>    traffic; once a connection is established, the use of TLS is
>    negotiated by the peers.


This isn't a property of TLS itself -- it's simply how "we" ("we" being the 
folks that've written foo-over-tls drafts/rfcs, e.g. rfc2817, rfc2830) thought 
foo-over-tls (or foo-over-ssl, or foo-over-whatever-session-layer for that 
matter) ought to be done, in contrast to the then-prevailing approach of 
allocating two well-known ports in
http://www.isi.edu/in-notes/iana/assignments/port-numbers (e.g. http|https, 
ldap|ldaps, and so on).

I'd heard that the IESG "said" that they would no longer bless allocation of 
separate "secure" and "unsecured" ports for a given protocol -- rather they'd 
allocate a single port and it's up to the protocol to have a mechanism for 
instantiating a secure session layer if desired -- but I'm unable to find an 
actual proclamation saying that.


JeffH