Re: Last Call: <draft-ietf-tsvwg-port-use-06.txt> (Recommendations for Transport Port Number Uses) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/12/2014 23:56, The IESG wrote:
The IESG has received a request from the Transport Area Working Group WG
(tsvwg) to consider the following document:
- 'Recommendations for Transport Port Number Uses'
   <draft-ietf-tsvwg-port-use-06.txt> as Best Current Practice

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2014-12-22. Exceptionally, comments may be
sent to iesg@xxxxxxxx instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


    This document provides recommendations to application and service
    designers on how to use the transport protocol port number space. IT
    complements (but does not update) RFC6335, which focuses on IANA
    process.
My apologies for late review of the document. I generally think that the document is well written and is nearly done, but I have some comments/concerns.

1. Introduction

   This document provides information and advice to system designers on
   the use of transport port numbers. It provides a detailed historical
   background of the evolution of transport port numbers and their
   multiple meanings. It also provides specific recommendations to
   system designers on how to use assigned port numbers. Note that this
   document provides information to potential port number applicants
   that complements the IANA process described in BCP165 [RFC6335], but
   it does not update that document.

I am a bit confused by the status and purpose of this document. It is a BCP, but the introducting says that it is purely informational. But then the document has lots of RFC 2119 language.
Is there any intent for this document
to be of use to port expert reviewers, for example if they want to point
out why a particular port registration request is rejected?


In 7.1:

         Additional port numbers are not intended to replicate an
         existing service. For example, if a device is configured to
         use a typical web browser then it the port number used for
         that service is a copy of the http service that is already
         assigned to port number 80 and does not warrant a new
         assignment. However, an automated system that happens to use
         HTTP framing - but cannot be accessed by a browser - might be

I have some concerns about "be access by a browser".

One particular case I have in mind is when a service expose some data using JSON or ASN.1 (for example a certificate revocation list is returned), but also allow a browser to view certificate in a nice form using HTML (e.g. for debugging or convenience). I don't think the ability to return HTML automatically disqualify this from being an independent service, because the whole functionality supported by the service can't be implemented just by use of returned HTML.

Inserting "solely" before "by a browser" would address my concern.

         a new service. A good way to tell is "can an unmodified client
         of the existing service interact with the proposed service"?
         If so, that service would be a copy of an existing service and
         would not merit a new assignment.

In 7.4:

   Note however that a new service might not be eligible for IANA
   assignment of both an insecure and a secure variant of the same
   service, and similarly IANA might be skeptical of an assignment for

I don't think use of wording like "IANA might be skeptical" is correct here, because IANA doesn't define policy on this. IETF does. So let's call things with right names and don't misuse "IANA" here.

   an insecure port number for a secure service. In both cases,
   security of the service is compromised by adding the insecure port
   number assignment.

Similarly (in the same section): "IANA currently permits ..."




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]