[NNTP] Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

Julien ÉLIE julien at trigofacile.com
Fri Dec 2 14:13:39 PST 2016


Hi Sabahattin,

>> As strict TLS over a dedicated port is the current TLS best
>> practice to use, what should we do for transit servers?  We
>> currently have no NNSP/TLS port.  Do you believe we should ask to
>> register a new port NNSP/TLS? Otherwise, what should we recommend?
>> (My fear is that adoption and use of that new port by news servers
>> will be slow, or even will never be happening...)
>
> Not for me to argue with the wisdom of the crowd, I'm sure, but I've
> never liked the idea of going back to TLS "wrapper" ports; it just
> wastes precious IANA resources for absolutely no reason whatsoever
> and, as you just highlighted, is in any event unlikely to make a
> meaningful impact in practice.
>
> Maybe you could compromise; describe the use of the secure port, give
> it a name, but then only register that port when implementers go
> looking for it.  Downside is that the RFC cannot specify a fixed port
> number.

Thanks for your valuable comment.

Would the following wording suit you?

   TCP port 563 is dedicated to NNTP over TLS, and registered in the
   IANA Service Name and Transport Protocol Port Number Registry for
   that usage.  NNTP implementations using TCP port 563 begin the TLS
   negotiation immediately upon connection and then continue with the
   initial steps of an NNTP session.  This use of strict TLS on a
   separate port is the preferred way of using TLS with NNTP.

   If a host wishes to offer separate servers for transit and reading
   clients, TCP port 563 SHOULD be used for the reading server using
   strict TLS.  Regarding the transit server, though TCP port 433 is
   registered for NNSP (Network News Streaming Protocol), no dedicated
   port is currently registered for NNSP over TLS.  If a transit server
   offers strict TLS, it SHOULD either use TCP port 433 if it does not
   accept connections without TLS, or another unused port of its choice
   communicated to all its clients using strict TLS.



Question to all:  is NNSP still a name to be used?  I do not see it in 
RFCs, but only in the IANA service name registry.
Maybe we should ask to rename that port to NNTP?



FYI, RFC 3977 uses the following wording:

    The official TCP port for the NNTP service is 119.  However, if a
    host wishes to offer separate servers for transit and reading
    clients, port 433 SHOULD be used for the transit server and 119 for
    the reading server.

-- 
Julien ÉLIE

« – Didn't you notice anything strange about that Arvernian?
   – Yes, his accent. » (Astérix)
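The proposed wording above boils down to a few port rules a news server operator can check mechanically: port 563 is strict TLS only, a reading server offering strict TLS belongs on 563, and a transit server may put strict TLS on 433 only if it refuses non-TLS connections there. The following is an added example, written for this page and not taken from the draft, the thread, or any news server implementation; the port numbers are the ones quoted in the message, while the `Listener` model, the mode names (`strict_tls`, `plaintext`, `autodetect`), the function names and the sample byte strings are this example's own assumptions. It also shows why "strict" matters on the wire: on a strict-TLS port the only acceptable first bytes are a TLS handshake record, and anything else is closed rather than answered with a plaintext greeting.

```python
from dataclasses import dataclass

# Port numbers quoted in the message (RFC 3977 and the IANA registry).
NNTP_PORT = 119   # reading server, plaintext greeting (STARTTLS may follow)
NNSP_PORT = 433   # transit server; no separate NNSP-over-TLS port registered
NNTPS_PORT = 563  # NNTP over strict TLS: handshake first, then the greeting

# Listener modes (names are this example's own, not draft terminology).
STRICT_TLS = "strict_tls"   # TLS negotiated immediately upon connection
PLAINTEXT = "plaintext"     # greeting sent in the clear
AUTODETECT = "autodetect"   # one port accepting either; this is not strict TLS


@dataclass(frozen=True)
class Listener:
    port: int
    role: str   # "reading" or "transit"
    mode: str   # STRICT_TLS, PLAINTEXT or AUTODETECT


def check_listener(listener: Listener) -> list[str]:
    """Return the ways a listener departs from the port rules in the proposed
    wording; an empty list means the listener is consistent with them."""
    problems: list[str] = []
    if listener.port == NNTPS_PORT and listener.mode != STRICT_TLS:
        problems.append(f"port {NNTPS_PORT} is registered for strict TLS only")
    if (listener.role == "reading" and listener.mode == STRICT_TLS
            and listener.port != NNTPS_PORT):
        problems.append(
            f"a reading server using strict TLS SHOULD use port {NNTPS_PORT}")
    if (listener.role == "transit" and listener.port == NNSP_PORT
            and listener.mode == AUTODETECT):
        problems.append(
            f"port {NNSP_PORT} may carry strict TLS only if connections "
            "without TLS are refused there")
    return problems


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first.  A TLS handshake record begins with
    content type 0x16 and protocol major version 0x03; an NNTP command line is
    printable ASCII terminated by CRLF.  Anything else is 'unknown'."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.endswith(b"\r\n") and all(0x20 <= b < 0x7F for b in data[:-2]):
        return "plaintext"
    return "unknown"


def on_connection(listener: Listener, first_bytes: bytes) -> str:
    """Decide what a listener does with a new connection.  On a strict-TLS port
    nothing but a TLS handshake is acceptable: answering plaintext there would
    send the greeting in the clear and silently downgrade the session."""
    kind = classify_first_bytes(first_bytes)
    if listener.mode == STRICT_TLS:
        return "negotiate_tls" if kind == "tls" else "close"
    if listener.mode == PLAINTEXT:
        # A ClientHello arriving on a plaintext port is a misconfigured
        # client (TLS clients speak first); there is no NNTP session to start.
        return "close" if kind == "tls" else "send_greeting"
    # AUTODETECT: the sniffing below is exactly what makes a port not strict.
    return "negotiate_tls" if kind == "tls" else "send_greeting"


if __name__ == "__main__":
    # Constructed sample host: a strict-TLS reader, a plaintext reader and a
    # transit listener that sniffs for TLS on 433 (the case the wording warns
    # against).
    host = [
        Listener(NNTPS_PORT, "reading", STRICT_TLS),
        Listener(NNTP_PORT, "reading", PLAINTEXT),
        Listener(NNSP_PORT, "transit", AUTODETECT),
    ]
    for lst in host:
        print(lst.port, lst.role, lst.mode, check_listener(lst) or "ok")
    # Constructed first bytes: a ClientHello record header and a reader command.
    print(on_connection(host[0], b"\x16\x03\x01\x00\xc4\x01\x00"))  # negotiate_tls
    print(on_connection(host[0], b"MODE READER\r\n"))                 # close
```

The `AUTODETECT` branch is deliberately left functional rather than refused outright, because an operator may run it on an unregistered port of their choice, as the wording allows; `check_listener` is what flags it on 433, where the draft requires non-TLS connections to be refused.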

