
Re: Application for port-number (system-klensin) (revised) (fwd)



At 11:34 AM -0800 11/07/2003, Harald Tveit Alvestrand wrote:
>
>- the service approach has not been explored. John has started exploring it, and gotten an "interested" response. It may turn out to "win" and become "well known". We don't know yet - in either direction. So I don't think that we should attempt to stop this experiment.

Let's sketch out this service approach for a moment.

I have a device which produces strings in some encoding.  I need to
have them in some other encoding for them to be useful in a specific
context.  I send the string to a service somewhere on the net and
get back a string in that other encoding.  I then use that string
in the new context.

Let's make that more concrete.

I have a device that produces only UTF-8, and I need punycode to construct
a domain name.  I send the UTF-8 string to a service (how did I discover
that it offered this particular variant on the service?  Do all servers offer all
possible variants of source and target encodings?   How do I find a server
in the first place?)  and I get back a string.  Do I have any facilities
to check if the string is well-formed?  Obviously, I don't have the facilities
to check if it is the right string, so I have to trust the service.  Given that,
is there any provision for a cryptographic signature of the answer, so I
have a way to trust there wasn't a man-in-the-middle changing the
answer?  (We're busily constructing DNSSec so we can make sure the
answers coming out of the DNS are the ones the zone maintainer
signed, but we're going to put a protocol like this in front of the
queries to the DNS?)  Given that this is a likely front-end to internationalized
queries to be sent to the DNS, is there any provision for maintaining the
privacy of the people sending the queries, so that these services don't
end up with a raft of at least moderately sensitive data?

>
>If this level of argument isn't enough to allocate a system port, then where should the bar be?

I don't know whether the system port is worth the argument, but the
protocol as it has been described so far would flunk security, discovery,
and scalability as a candidate for Proposed Standard.  If you were asking
me for a seat-of-the-pants answer, I'd say the bar ought to be there:
something that won't flunk those.  But with echo, chargen, and friends
out there as low-level ports it may be stupid of me to bother at
this point in the party.
				Ted
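
Added example, not part of the message above or of the proposed protocol: a sketch of the only check the message says the client could make on a reply, namely whether the returned punycode label is well-formed. The function name and the sample labels are constructed for illustration; the check uses Python's built-in punycode codec, and the constructed replies show that a substituted answer passes it just as the correct one does.

```python
import string

ACE_PREFIX = "xn--"                      # IDNA prefix for punycode labels
LDH = set(string.ascii_lowercase + string.digits + "-")
MAX_LABEL = 63                           # DNS label length limit


def is_well_formed_ace(label: str) -> bool:
    """Syntactic check of one returned label (hypothetical helper).

    True means "this could be a valid internationalized label", never
    "this is the label for the string I sent".
    """
    label = label.lower()
    if not label.startswith(ACE_PREFIX):
        return False
    if len(label) <= len(ACE_PREFIX) or len(label) > MAX_LABEL:
        return False
    if label.endswith("-") or not set(label) <= LDH:
        return False
    body = label[len(ACE_PREFIX):]
    try:
        decoded = body.encode("ascii").decode("punycode")
    except ValueError:                   # UnicodeError is a ValueError
        return False                     # truncated or invalid encoding
    if decoded.isascii():
        return False                     # nothing here needed encoding
    # Reject non-canonical encodings: the body must re-encode to itself.
    return decoded.encode("punycode").decode("ascii") == body


if __name__ == "__main__":
    # Constructed replies to a query for the UTF-8 string "bücher".
    replies = {
        "correct answer": "xn--bcher-kva",
        "substituted answer (label for 'münchen')": "xn--mnchen-3ya",
        "truncated in transit": "xn--bcher-kv",
        "illegal character": "xn--bcher_kva",
    }
    for what, label in replies.items():
        print(f"{what:42} {label:16} {is_well_formed_ace(label)}")
```

The first two replies both pass, which is the gap the message points at: without a signature over the answer, well-formedness is all the client can establish.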