RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)

--On Friday, July 15, 2005 13:11:09 -0700 "Hallam-Baker, Phillip" <pbaker at verisign.com> wrote:


From: Jeffrey Hutzelman [mailto:jhutz at cmu.edu]

On Friday, July 15, 2005 11:48:28 AM -0700 "Hallam-Baker, Phillip" <pbaker at verisign.com> wrote:

Agree, for the most part.  Fixed port numbers do have some operational advantages, though...

They certainly have operational advantages for managers of firewalls that don't have the ability to perform filtering that is any more specific.

And this had led protocol designers to run every new protocol over port
80 using the firewall bypass protocol HTTP.
One nice feature of using DNS is that it means that you can perform a lot of control through the signalling channel alone.

warning... implementing control by denying information (such as not telling the bad guy which port the secured-by-obscurity process is ACTUALLY running on) is not terribly good security. It is certainly reasonable control over people who want to be controlled ("management"), but not very good control over people who do not want to be controlled ("security").
The story that comes to mind is attributed to the Norwegian railroad company, early 1940 (in April 1940, Norway was occupied by Nazi Germany....).

 Head conductor: "And in case of war, how would you deny the enemy the
     use of the railway system?"
 Junior conductor: "Burn all the tickets, SIR!"

Of course, if all protocols (and their implementations) were sufficiently secure themselves, firewalls wouldn't be needed, and the Net would be simpler than it is. But wishing won't make it so....


_______________________________________________ Ietf mailing list Ietf at ietf.org https://www1.ietf.org/mailman/listinfo/ietf

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.