[NNTP] Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard
Julien ÉLIE
julien at trigofacile.com
Fri Dec 2 14:13:39 PST 2016
Hi Sabahattin,
>> As strict TLS over a dedicated port is the current TLS best
>> practice to use, what should we do for transit servers? We
>> currently have no NNSP/TLS port. Do you believe we should ask to
>> register a new port NNSP/TLS? Otherwise, what should we recommend?
>> (My fear is that adoption and use of that new port by news servers
>> will be slow, or even never happen...)
>
> Not for me to argue with the wisdom of the crowd, I'm sure, but I've
> never liked the idea of going back to TLS "wrapper" ports; it just
> wastes precious IANA resources for absolutely no reason whatsoever
> and, as you just highlighted, is in any event unlikely to make a
> meaningful impact in practice.
>
> Maybe you could compromise; describe the use of the secure port, give
> it a name, but then only register that port when implementers go
> looking for it. Downside is that the RFC cannot specify a fixed port
> number.
Thanks for your valuable comment.
Would the following wording suit you?
TCP port 563 is dedicated to NNTP over TLS, and registered in the
IANA Service Name and Transport Protocol Port Number Registry for
that usage. NNTP implementations using TCP port 563 begin the TLS
negotiation immediately upon connection and then continue with the
initial steps of an NNTP session. This use of strict TLS on a
separate port is the preferred way of using TLS with NNTP.
If a host wishes to offer separate servers for transit and reading
clients, TCP port 563 SHOULD be used for the reading server using
strict TLS. Regarding the transit server, though TCP port 433 is
registered for NNSP (Network News Streaming Protocol), no dedicated
port is currently registered for NNSP over TLS. If a transit server
offers strict TLS, it SHOULD either use TCP port 433 if it does not
accept connections without TLS, or another unused port of its choice
communicated to all its clients using strict TLS.
Question to all: is NNSP still a name to be used? I do not see it in
RFCs, but only in the IANA service name registry.
Maybe we should ask to rename that port to NNTP?
FYI, RFC 3977 uses the following wording:
The official TCP port for the NNTP service is 119. However, if a
host wishes to offer separate servers for transit and reading
clients, port 433 SHOULD be used for the transit server and 119 for
the reading server.
--
Julien ÉLIE
« – You didn't notice anything strange about that Arvernian?
– Yes, his accent. » (Astérix)
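The strict-TLS sequencing on port 563 described in the proposed wording above (TLS handshake first, NNTP greeting only afterwards, in contrast to the plaintext greeting on 119/433), shown as an added client-side example; this is not code from the draft or from any news server, and the function names, the constants and the greeting samples in the comments are this example's own.

```python
import socket
import ssl

# Ports discussed in the thread: 119 (reading, plaintext), 433 (transit, NNSP),
# 563 (reading server with strict TLS). The names are this example's own.
NNTP_PORT = 119
NNSP_PORT = 433
NNTPS_PORT = 563


def make_tls_context(cafile=None):
    """Client context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context(cafile=cafile)  # system CAs if cafile is None
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def parse_greeting(line):
    """Parse the NNTP greeting line (RFC 3977, section 5.1).

    Returns (code, posting_allowed): 200 means posting allowed, 201 posting
    prohibited. 400 and 502 mean the service is unavailable and are raised.
    """
    text = line.decode("ascii", errors="replace").rstrip("\r\n")
    if len(text) < 3 or not text[:3].isdigit():
        raise ValueError("malformed NNTP greeting: %r" % text)
    code = int(text[:3])
    if code not in (200, 201, 400, 502):
        raise ValueError("unexpected greeting code %d" % code)
    if code >= 400:
        raise ConnectionError("service unavailable: %s" % text)
    return code, code == 200


def connect_strict_tls(host, port=NNTPS_PORT, timeout=10.0, cafile=None):
    """Strict (implicit) TLS: nothing is sent or read before the handshake.

    On 119/433 the server speaks first in plaintext; on 563 the client must
    complete TLS before expecting the greeting. Returns
    (tls_socket, code, posting_allowed); the caller owns the socket.
    """
    ctx = make_tls_context(cafile)
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)  # SNI plus hostname check
    greeting = tls.makefile("rb").readline()           # first bytes after TLS
    code, posting = parse_greeting(greeting)
    return tls, code, posting
```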