[BXXPwg] re draft-mrose-bxxp-design-00.txt

Marshall T. Rose mrose+mtr.netnews@dbc.mtview.ca.us
Wed, 8 Nov 2000 14:35:14 -0800


hi. i think you're missing the sentence before. here is the entire text:

   The key difference between the original mechanism and TLS, is one of
   provisioning. In the initial approach, a world-wide web server would
   listen on two ports, one for plaintext traffic and the other for
   secured traffic; in contrast, a server implementing an application
   protocol that is TLS-enabled listens on a single port for plaintext
   traffic; once a connection is established, the use of TLS is
   negotiated by the peers.

specifically, the observation that the difference lies in the provisioning
(one port or two) addresses your comment.

/mtr

----- Original Message -----
From: <Jeff.Hodges@kingsmountain.com>
To: <bxxpwg@invisibleworlds.com>
Sent: Wednesday, November 08, 2000 12:45
Subject: Re: [BXXPwg] re draft-mrose-bxxp-design-00.txt


>
> >                ...  in contrast, a server implementing an application
> >    protocol that is TLS-enabled listens on a single port for plaintext
> >    traffic; once a connection is established, the use of TLS is
> >    negotiated by the peers.
>
>
> This isn't a property of TLS itself -- it's simply how "we" ("we" being the
> folks that've written foo-over-tls drafts/rfcs, e.g. rfc2817, rfc2830) thought
> foo-over-tls (or foo-over-ssl, or foo-over-whatever-session-layer for that
> matter) ought to be done, in contrast to the then-prevailing approach of
> allocating two well-known ports in
> http://www.isi.edu/in-notes/iana/assignments/port-numbers (e.g. http|https,
> ldap|ldaps, and so on).
>
> I'd heard that the IESG "said" that they would no longer bless allocation of
> separate "secure" and "unsecured" ports for a given protocol -- rather they'd
> allocate a single port and it's up to the protocol to have a mechanism for
> instantiating a secure session layer if desired -- but I'm unable to find an
> actual proclamation saying that.
>
>
> JeffH