> On Sat, 2006-03-18 at 09:38 -0800, Eliot Lear wrote: > > This therefore leads to two questions for the community: > > > > 1. Are well known ports archaic? If so, can we request that the IANA > > do away with the distinction? > > 2. If they are not archaic, under what circumstances should they be > > allocated? > new protocols can not rely on the security the priveleged ports provide, > but there are still many such protocols in use (e.g. LPD, port 515), and > so the distinction is useful for administrators configuring userspace' > access to ports on workstations. The problem is this cuts both way. The privileged port concept has some marginal utility on multiuser systems where you don't Joe-random-user to grab some port for a well known service. OTOH, this forces servers running on those ports to have privileges (usually in the form of running as root) for some period of time. The need to operate with privileges complicates server design, may impose difficult constraints on activities like configuration reloads, and may lead to remote vulnerabilities. So, for a production server with no local users, the privileged port restriction can do much more harm than good. And finally, we have plenty of protocols that make just as much sense on multiuser systems as they do on a production server with no local users. So it is impossible to get this right. The solution is to abandon the coarse grained root-access-to-low-ports security model entirely in favor of some form of finer grained access control. In the meantime, I'm with Harald: Flip a coin and be done with it. Ned _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf