----- Original Message -----
From: "Lars Eggert" <lars.eggert@xxxxxxxxx>
To: "t.petch" <daedulus@xxxxxxxxxxxxx>
Cc: "Cullen Jennings" <fluffy@xxxxxxxxx>; "IESG IESG" <iesg@xxxxxxxx>; "IETF discussion list" <ietf@xxxxxxxx>
Sent: Thursday, January 27, 2011 7:11 PM

On 2011-1-27, at 18:58, t.petch wrote:
> And what happens when we have ProtocolX over SSH and ProtocolX over TLS?
>
> Must they share a port, with ProtocolX, which has been quietly using its
> assigned port for > 20 years?

No. The expert reviewer can obviously assign a second port in that case (if ProtocolX doesn't have a feature negotiation capability built in so that the port could be shared.)

But we don't want to allocate multiple ports for the different security flavors of *new* protocols. At least we want this to be the exception. The expert team is (from what I hear) seeing frequent applications that look like "Hi, we're company X and our foo protocol runs on TCP. We'd like a port for that, and one for when we run foo over TLS."

<tp>
Right. What I had not noticed, although I have read several versions of this I-D, is that it says a lot about new applications, and not much - if anything - about old. I have never been involved in a new application, only with retrofitting security to old, TLS or SSH, and so my views are coloured by that.

The expectation of WGs seems to be to expect a new port when adding either TLS or SSH to something that has been happily chugging along for decades without it, and I expect in future the same to apply when adding SSH or TLS support to a protocol with TLS or SSH support respectively, and would not want this I-D to make that much more difficult.

Is there any text about this, old protocol, situation, for I cannot see any? Or are we at the mercy of the expert reviewer?

Tom Petch
</tp>

Lars

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf