[BXXPwg] re draft-mrose-bxxp-design-00.txt

James Aylett james-ietf@tartarus.org
Fri, 10 Nov 2000 10:08:03 +0000

On Thu, Nov 09, 2000 at 04:41:30PM -0800:

["TLS uses one port" interpretation of 3.6 in:]
> http://www.ietf.org/internet-drafts/draft-mrose-beep-design-00.txt

Marshall Rose wrote:
> > specifically, the observation that the difference lies in the provisioning
> > (one port or two) addresses your comment.

Jeff.Hodges@kingsmountain.com wrote:
> I feel it is reasonable to presume that it won't be uncommon for
> readers, who for whatever reason lack sufficient context, to
> (incorrectly) interpret this clause..
>   "a server implementing an application protocol that is TLS-enabled listens
>    on a single port for plaintext traffic;"
> ..as saying that listening on a single port is a property of TLS itself

As someone who hadn't read the TLS spec, or really had any exposure to 
TLS in detail, I can confirm this. And while I wouldn't think I'd
understood everything here until I'd chased the references, I think a
minor rewording in the interest of clarity would be useful.

> Here for your consideration is what I came up with:
> 3.6 Privacy
> The key difference between the original typical use of SSL and the
> typical as-specified use of TLS, is one of provisioning. With the
> original SSL usage, a world-wide web server would listen on two
> ports by convention, one for plaintext traffic and the other for
> secured traffic; in contrast, a server implementing an application
> protocol that is specified as TLS-enabled (e.g.  [RFC2487,
> RFC2595]), conventionally listens on a single port for plaintext
> traffic; once a connection is established, the use of TLS is
> negotiated by the peers.

Is the first sentence of that paragraph strictly necessary? It strikes 
me as overly cumbersome, without actually adding much to the text. The 
main problem I see with it is the lack of clarity in having to
continually read variants on "typical as-specified". Wouldn't removing 
that sentence, and inserting at the end:

  The key difference here is thus one of provisioning.

convey the same information but be much easier to read?
