Stephane Bortzmeyer writes:
> On Sun, Mar 19, 2006 at 12:42:17PM -0800,
> Ned Freed <ned.freed@xxxxxxxxxxx> wrote
> a message of 35 lines which said:
>> The privileged port concept has some marginal utility on multiuser
>> systems where you don't Joe-random-user to grab some port for a
>> well known service.
> "had", not "has". The concept was invented at a time where multi-users
> machines were rare and expensive monsters. So, a request coming from
> source port 513 probably was "serious". Today, any highschool student
> is root on his PC and therefore this protection is almost useless.

Stephane, you are thinking of a different "security mechanism" based on ports <1024 - the one used by the infamous Berkeley r* utilities to decide whether to trust a client's credentials. This mechanism doesn't use well-known ports, but "ephemeral" ports <1024 on the client side. I think it is fairly much consensus that this kind of mechanism has become useless years ago, for the reason you state.

What we are collecting input on is for which kinds of use (if any) a privileged/well-known (as opposed to just IANA "registered") *server* port makes sense.

--
Simon.