Re: [Cfrg] [saag] Algorithm upgrades
RJ Atkinson writes:
> It would be remarkably bad protocol design to burn an additional
> port number just to indicate an algorithm difference.
Why?
An obvious advantage of putting ssh on a separate port from telnet is
that---since UNIX makes it easy to have separate programs for separate
ports---sshd was easier to write, and telnetd was easier to turn off.
If they had been on the same port, with the ssh encryption as a telnet
option, then implementors would have had fewer options.
Similarly, it has been helpful to put mail submission on a separate port
from SMTP, and it has been helpful to put HTTP on a separate port from
FTP, and it would have been extremely helpful to put DNS caches on a
separate port from DNS servers. What's the disadvantage?
I don't claim that UNIX has the same modularity for handling separate
IPSecDES and IPSecAES protocols, but I still don't see what you think
the disadvantage is. Do you think we're running out of IP protocol
numbers? Were you also saying that the use of both 50 and 51 for IPSec
(and UDP port 500) was "remarkably bad protocol design"?
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg