[BXXPwg] re draft-mrose-bxxp-design-00.txt
Marshall T. Rose
Wed, 8 Nov 2000 14:35:14 -0800
hi. i think you're missing the sentence before. here is the entire text:
The key difference between the original mechanism and TLS is one of
provisioning. In the initial approach, a world-wide web server would
listen on two ports, one for plaintext traffic and the other for
secured traffic; in contrast, a server implementing an application
protocol that is TLS-enabled listens on a single port for plaintext
traffic; once a connection is established, the use of TLS is
negotiated by the peers.
specifically, the observation that the difference lies in the provisioning
(one port or two) addresses your comment.
----- Original Message -----
Sent: Wednesday, November 08, 2000 12:45
Subject: Re: [BXXPwg] re draft-mrose-bxxp-design-00.txt
> > ... in contrast, a server implementing an application
> > protocol that is TLS-enabled listens on a single port for plaintext
> > traffic; once a connection is established, the use of TLS is
> > negotiated by the peers.
> This isn't a property of TLS itself -- it's simply how "we" ("we" being
> folks that've written foo-over-tls drafts/rfcs, e.g. rfc2817, rfc2830)
> foo-over-tls (or foo-over-ssl, or foo-over-whatever-session-layer for that
> matter) ought to be done, in contrast to the then-prevailing approach of
> allocating two well-known ports in
> http://www.isi.edu/in-notes/iana/assignments/port-numbers (e.g.
> ldap|ldaps, and so on).
> I'd heard that the IESG "said" that they would no longer bless allocation of
> separate "secure" and "unsecured" ports for a given protocol -- rather,
> allocate a single port and it's up to the protocol to have a mechanism for
> instantiating a secure session layer if desired -- but I'm unable to find an
> actual proclamation saying that.
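The provisioning difference the thread is about, as an added example that is not BXXP code and not from the mailing list: a two-port server where the port alone decides whether the connection is TLS from the first byte, beside a single-port server where the peers negotiate the upgrade in-band. The command verbs, the port numbers and the handshake callback (which stands in for the real TLS handshake so the example runs offline) are constructed for illustration. The single-port model also shows the two checks a practitioner wants around such a negotiation: a policy that refuses data commands until TLS is active, and discarding any plaintext the client pipelined after the upgrade command.

```python
"""Single-port negotiated TLS versus two-port provisioning (added example)."""
from typing import Callable, Iterable, List, Optional

# Constructed port numbers for the two-port model; not registered assignments.
PLAINTEXT_PORT = 10288
SECURE_PORT = 10289


class Connection:
    """One client connection as the server sees it.

    `plaintext` holds the lines the client sends before any upgrade,
    `encrypted` the lines it will send inside TLS afterwards.  Once
    `secured` is set, reads come only from the encrypted queue.
    """

    def __init__(self, plaintext: Iterable[str] = (), encrypted: Iterable[str] = ()):
        self.plaintext: List[str] = list(plaintext)
        self.encrypted: List[str] = list(encrypted)
        self.secured = False
        self.dropped = 0  # plaintext lines discarded at the upgrade

    def readline(self) -> Optional[str]:
        queue = self.encrypted if self.secured else self.plaintext
        return queue.pop(0) if queue else None


def _verb(line: str) -> str:
    return line.split(" ", 1)[0].upper()


class SinglePortServer:
    """One listener; plaintext first, TLS negotiated in-band with STARTTLS."""

    def __init__(self, require_tls: bool, handshake: Callable[[], bool]) -> None:
        self.require_tls = require_tls  # policy: refuse data commands until secured
        self.handshake = handshake      # stands in for the real TLS handshake

    def serve(self, conn: Connection) -> List[str]:
        replies: List[str] = []
        while (line := conn.readline()) is not None:
            verb = _verb(line)
            if verb == "STARTTLS":
                if conn.secured:
                    replies.append("ERR TLS already active")
                    continue
                replies.append("OK proceed with TLS handshake")
                if not self.handshake():
                    replies.append("ERR TLS handshake failed, closing")
                    break
                # Anything the client pipelined after STARTTLS arrived in
                # plaintext.  Drop it; only bytes read inside TLS count from
                # here on (RFC 2595 and RFC 3207 give the same instruction).
                conn.dropped = len(conn.plaintext)
                conn.plaintext.clear()
                conn.secured = True
                continue
            if verb == "QUIT":
                replies.append("OK bye")
                break
            if self.require_tls and not conn.secured:
                replies.append(f"ERR {verb}: TLS required first")
                continue
            mode = "over TLS" if conn.secured else "in plaintext"
            replies.append(f"OK {verb} handled {mode}")
        return replies


class TwoPortServer:
    """Original mechanism: the port decides; no in-band negotiation exists."""

    def __init__(self, handshake: Callable[[], bool]) -> None:
        self.handshake = handshake

    def serve(self, port: int, conn: Connection) -> List[str]:
        if port == SECURE_PORT:
            if not self.handshake():
                return ["ERR TLS handshake failed, closing"]
            conn.secured = True  # TLS from the first byte
        elif port != PLAINTEXT_PORT:
            return ["ERR no listener on that port"]
        replies: List[str] = []
        while (line := conn.readline()) is not None:
            verb = _verb(line)
            if verb == "STARTTLS":
                replies.append("ERR unknown command; security is fixed by port")
                continue
            if verb == "QUIT":
                replies.append("OK bye")
                break
            mode = "over TLS" if conn.secured else "in plaintext"
            replies.append(f"OK {verb} handled {mode}")
        return replies


if __name__ == "__main__":
    srv = SinglePortServer(require_tls=True, handshake=lambda: True)
    conn = Connection(plaintext=["FETCH secret", "STARTTLS", "FETCH secret"],
                      encrypted=["FETCH secret", "QUIT"])
    for reply in srv.serve(conn):
        print(reply)
    print("dropped pre-TLS lines:", conn.dropped)
```

In the single-port model the server's security state is part of the protocol and has to be enforced by the protocol (the `require_tls` policy and the discard at the upgrade); in the two-port model it is fixed by the listener and the application protocol never sees a transition.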