On Tue, Feb 1, 2011 at 2:14 AM, Magnus Westerlund <magnus.westerlund@xxxxxxxxxxxx> wrote:
> Cullen Jennings wrote 2011-01-31 18:44:
>>
>> Magnus, I agree with what you are saying here but you are avoiding the
>> issue I am concerned with. Is allocating a second port for the secure
>> version of a document a frivolous use case or not? I read this draft as
>> saying it is. Others read the draft as saying it is not and that type of
>> allocation is fine. This seems fairly easy to deal with - first let's
>> agree if particular 2nd port for secure version is a reason to reject
>> requests or not then see if any text needs to be adjusted in the draft
>> to reflect that.
>
> Well, frankly I don't know. I think it is something that can be avoided
> going forward in many use cases, but not all. Simply by thinking of this
> issue in the design phase. In addition there are clearly other solutions
> there other considerations, like NAT traversal has said, yes
> multiplexing is a must, thus live with even higher complexity costs.
>
> The issue I have a problem with is that if we say on general basis that
> due to negotiation of security protocols we are allowed to use different
> ports for negotiation or simply usage of it. Then why is that different
> from different versions of the protocol, or feature support. What is the
> difference for a security protocol compared to these other issues?
>
> What I am worried here is that we will see an increased port consumption
> rather than a decreased one. At the current run rate I think the
> estimate is 50 years+ before run out. That is something that I am
> reasonably comfortable, but if the consumption rate increases four
> times, then I am suddenly not comfortable. So I am pretty certain that
> we need to aim at lowering the consumption rather than raising it.
>
> As I see it there is only one way of doing it.
>
> - State clearly that you really need to do everything reasonable so that
>   your application is only for one port.
> - Be reasonably tough from the expert reviewer to ensure that applicants
>   have done this.
>
> And from that perspective I don't think security is special in any way.
> It is only one of several things that could potentially require
> additional registered ports. Yes security is important, but as
> previously discussed it doesn't appear that the actual level of security
> provided is different if you are forced to use one port or two. It might
> affect the ease of implementation and deployment of security, which is
> another aspect of impact.
>
>
> Cheers
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@xxxxxxxxxxxx
> ----------------------------------------------------------------------
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf