

Subject: RE: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded


We also want to make sure we spell out that port 443 is the default port for HTTPS, not just say it.

My question is, should there be a statement that it is possible to serve both using the same port, and that it is recommended that if you configure HTTPS to port 5696, you should still provide the ability to use TTLV over TLS on 5696 as well?

While I am not a fan of mapping one port over an already assigned port, I guess it should be possible, although not really a best practice when people scan known ports, since it is quicker than scanning all ports.  Looks like HTTPS, smells like HTTPS, feels like HTTPS, probably is HTTPS.

Most people who remap ports do not use standard ports if they remap at all.

Bob L.

-----Original Message-----
From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of John Leiseboer
Sent: Monday, July 30, 2012 5:22 AM
To: Tim Hudson; kmip@lists.oasis-open.org
Subject: RE: [kmip] Groups - kmip-https-profile-v1.0-wd04.pdf uploaded

In an effort to agree on wording for Section 2.2 of the HTTPS profile proposal, I'd like to propose the following change:

-----
2.2 KMIP Port Number

It is noted that:
1. IANA has assigned TCP port number 443 for HTTPS messages;
2. IANA has assigned TCP port number 5696 for KMIP messages; and
3. Key Management Interoperability Protocol Profiles Version 1.1 (latest version) recommends that a KMIP server complying with Key Management Interoperability Protocol Specification Version 1.1 (latest version) SHOULD use port 5696.

KMIP clients SHALL enable end user configuration of the TCP port number used, as a KMIP server may use a TCP port number different to IANA assignments.
-----

From my point of view, this wording removes my concern about forcing both KMIP/TTLV and KMIP/HTTPS to simultaneously share port 5696 when a user wants to use only KMIP/HTTPS on port 5696. I think it also reflects Bob Lockhart's comments on port configuration being a user concern.

I hope that it also makes it clear that port 5696 has been assigned by IANA for KMIP, and is recommended for use in the standard (which only specifies KMIP/TTLV at this time).

Tim,

Do you think that you can accept this change? If so, I would support your profile proposal subject to this change being made.

Regards,
John

-----------------------------------------------------------------------
John Leiseboer                           QuintessenceLabs Pty Ltd
Chief Technology Officer                 Suite 23, Physics Building #38
Phone:  +61 7 5494 9291 (Qld)            Science Road
Phone:  +61 2 6125 9498 (ACT)            Australian National University
Mobile: +61 409 487 510                  Acton ACT 0200
Fax:    +61 2 6125 7180                  AUSTRALIA
Email:  jl@quintessencelabs.com          www.quintessencelabs.com
-----------------------------------------------------------------------
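
The thread above discusses serving both KMIP/TTLV and KMIP/HTTPS on the same port (5696). The following is an added example, not part of either message or of the KMIP specifications, showing one way a server could tell the two apart from the first decrypted bytes after the TLS handshake. It assumes first-bytes sniffing as the demultiplexing method and that a TTLV client opens with a KMIP Request Message (tag 0x420078, type Structure); the function name, size limit and sample bytes are constructed for illustration.

```python
import struct

KMIP_REQUEST_MESSAGE_TAG = 0x420078   # KMIP "Request Message" tag
TTLV_TYPE_STRUCTURE = 0x01            # TTLV item type: Structure
TTLV_PREFIX = bytes([0x42, 0x00, 0x78, TTLV_TYPE_STRUCTURE])
HTTP_METHODS = (b"POST ", b"GET ", b"PUT ", b"HEAD ", b"OPTIONS ", b"DELETE ")
MAX_TTLV_LEN = 1 << 20                # assumed sanity limit (1 MiB), not from any spec


def classify(first_bytes: bytes) -> str:
    """Classify decrypted bytes read right after the TLS handshake.

    Returns 'http', 'ttlv', 'need_more' (read more before deciding)
    or 'reject' (neither protocol; close the connection and log it).
    """
    for method in HTTP_METHODS:
        if first_bytes.startswith(method):
            return "http"
        if method.startswith(first_bytes):      # partial method token so far
            return "need_more"

    if len(first_bytes) < 8:                     # TTLV header is 8 bytes
        n = min(len(first_bytes), 4)
        return "need_more" if first_bytes[:n] == TTLV_PREFIX[:n] else "reject"

    tag = int.from_bytes(first_bytes[0:3], "big")        # 3-byte tag
    item_type = first_bytes[3]                           # 1-byte type
    (length,) = struct.unpack(">I", first_bytes[4:8])    # 4-byte big-endian length

    # A Structure holds whole TTLV items, each padded to 8 bytes,
    # so its length is a non-zero multiple of 8.
    if (tag == KMIP_REQUEST_MESSAGE_TAG and item_type == TTLV_TYPE_STRUCTURE
            and 0 < length <= MAX_TTLV_LEN and length % 8 == 0):
        return "ttlv"
    return "reject"


# Constructed sample inputs (not captured traffic).
SAMPLE_TTLV = bytes.fromhex("42007801000001204200770100000038")
SAMPLE_HTTP = b"POST /kmip HTTP/1.1\r\nHost: kms.example\r\n"  # path is a placeholder

if __name__ == "__main__":
    for name, data in [("ttlv", SAMPLE_TTLV), ("http", SAMPLE_HTTP),
                       ("partial", SAMPLE_TTLV[:3]), ("junk", b"\x00" * 8)]:
        print(name, "->", classify(data))
```

Connections classified as `reject` on a shared port are worth logging, since traffic that is neither protocol on 5696 is what a port scan or misdirected client looks like.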




---------------------------------------------------------------------
To unsubscribe, e-mail: kmip-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: kmip-help@lists.oasis-open.org



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]