Re: [Editorial Errata Reported] RFC4960 (2592)

Hi folks,

In my opinion, the SECOND sentence of proposed "NEW" text 
within 14.1 below is not quite correct.

>>  [formerly proposed] NEW:
>>     The assignment of new chunk type codes is done through an
>>     IETF Review action, as defined in [RFC5226].  Documentation of a new
>>     chunk MUST contain the following information:

My suggested NEW:
       The assignment of new chunk type codes is done through an
       IETF Review action, as defined in [RFC5226].  Documentation of a new
       chunk type MUST contain the following information:
             ^^^^

"new chunk" is used throughout the document to mean newly 
arrived (not re-transmitted) packet components, and that
is not what is to be documented.

Sorry about this extra level of pedanticism.

Chris Benson.

On Fri, 29 Oct 2010, Michael T?xen wrote:

>>  Date: Fri, 29 Oct 2010 17:53:00 +0200
>>  From: Michael T?xen <Michael.Tuexen <at> lurchi.franken.de>
>>  To: Gorry Fairhurst <gorry <at> erg.abdn.ac.uk>
>>  Cc: James Polk <jmpolk <at> cisco.com>, tsvwg list <tsvwg <at> ietf.org>,

Re: TSVWG Status Update (Oct 2010)

Re: WGLC Announcement for draft-ietf-tsvwg-iana-ports-08 - 26th November2010

I do not support publication.

I commented earlier that

"I have a problem with this I-D in that it would appear to make no
distinction between allocation and assignment, and would seem to
include registration in the mix as well, at least at times, while hinting that
whatever these may be, ownership is something else. In the limited context of
transport
identifiers, this may not cause confusion but in closely allied registries,
allocation and assignment are fundamentally different processes and those who
interchange the two are confused and cause confusion."

and I still regard that as a show stopper.

Tom Petch

----- Original Message -----
From: "Gorry Fairhurst" <gorry <at> erg.abdn.ac.uk>
To: "tsvwg list" <tsvwg <at> ietf.org>
Cc: <tsvwg-chairs <at> tools.ietf.org>
Sent: Saturday, October 30, 2010 8:59 AM
Subject: WGLC Announcement for draft-ietf-tsvwg-iana-ports-08 - 26th
November2010

> This email announces the beginning of a working group last call for
> draft-ietf-tsvwg-iana-ports-08, "Internet Assigned Numbers Authority
> (IANA) Procedures for the Management of the Service Name and Transport
> Protocol Port Number Registry". This document is now thought to be ready
> to proceed to be published as a BCP. Please send any comments to the
> TSVWG list.
>
> The draft is available at:
> http://tools.ietf.org/html/draft-ietf-tsvwg-iana-ports-08
>
> The document will be forwarded in parallel to the Apps Area for review.
>
> The last call will run for FOUR weeks, ending Friday, 26th November 2010
> (this LC period will cover an IETF meeting).
>
> Emails saying "I support" or "I don't support" publication are also most
> helpful in judging the WG consensus.
>
> James and Gorry
> (TSVWG Chairs)
>
>
>
>

Re: WGLC Announcement for draft-ietf-tsvwg-iana-ports-08 - 26th November2010

Hi Tom,

Apparently your comment from January about the mix of terms was missed
and not addressed.

If I understand the English terms correctly, what we are describing that
IANA should do is Allocation, i.e. set aside identifiers for particular
usages. We are not giving over the number space to the ones that
request, thus Assignment would be wrong?

I think we can mostly eliminate one of the terms assignment and
allocation. I think we will have more difficult to get rid of
registration. My personal thinking on this is at least the following
relationship between the terms: A Registrant performs a Registration
(process or request) so that IANA can perform an Allocation of a service
name and possibly ports.

I think we will run into issues with some of our references that might
have had similar confusion between allocation and assignment.

But from my perspective, I think this is a valid comment and should be
addressed.

Cheers

Magnus

t.petch skrev 2010-11-03 10:09:
> I do not support publication.
> 
> I commented earlier that
> 
> "I have a problem with this I-D in that it would appear to make no
> distinction between allocation and assignment, and would seem to
> include registration in the mix as well, at least at times, while hinting that
> whatever these may be, ownership is something else. In the limited context of
> transport
> identifiers, this may not cause confusion but in closely allied registries,
> allocation and assignment are fundamentally different processes and those who
> interchange the two are confused and cause confusion."
> 
> and I still regard that as a show stopper.
> 
> Tom Petch
> 
> ----- Original Message -----
> From: "Gorry Fairhurst" <gorry <at> erg.abdn.ac.uk>
> To: "tsvwg list" <tsvwg <at> ietf.org>
> Cc: <tsvwg-chairs <at> tools.ietf.org>
> Sent: Saturday, October 30, 2010 8:59 AM
> Subject: WGLC Announcement for draft-ietf-tsvwg-iana-ports-08 - 26th
> November2010
> 
> 
>> This email announces the beginning of a working group last call for
>> draft-ietf-tsvwg-iana-ports-08, "Internet Assigned Numbers Authority
>> (IANA) Procedures for the Management of the Service Name and Transport
>> Protocol Port Number Registry". This document is now thought to be ready
>> to proceed to be published as a BCP. Please send any comments to the
>> TSVWG list.
>>
>> The draft is available at:
>> http://tools.ietf.org/html/draft-ietf-tsvwg-iana-ports-08
>>
>> The document will be forwarded in parallel to the Apps Area for review.
>>
>> The last call will run for FOUR weeks, ending Friday, 26th November 2010
>> (this LC period will cover an IETF meeting).
>>
>> Emails saying "I support" or "I don't support" publication are also most
>> helpful in judging the WG consensus.
>>
>> James and Gorry
>> (TSVWG Chairs)
>>
>>
>>
>>
> 
> 

--

-- 

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund <at> ericsson.com
----------------------------------------------------------------------

Re: I-D Action:draft-ietf-tsvwg-sctp-strrst-05.txt

What happens in a race condition, eg when one endpoint requests an Incoming SSN
Reset for streams 1,2,3 and simultaneously the other endpoint requests an
Outgoing SSN Reset for stream 2? (races are a bit of a mess in TCP)

E1 last sentence; which acknowledgement is being referred to?

Tom Petch

----- Original Message -----
From: "Randy Stewart" <randall <at> lakerest.net>
To: "t.petch" <ietfc <at> btconnect.com>
Cc: "Michael Tüxen" <Michael.Tuexen <at> lurchi.franken.de>; <gorry <at> erg.abdn.ac.uk>;
<tsvwg <at> ietf.org>
Sent: Tuesday, October 26, 2010 6:39 PM
Subject: Re: I-D Action:draft-ietf-tsvwg-sctp-strrst-05.txt

Re: WGLC Announcement for draft-ietf-tsvwg-iana-ports-08 - 26th November2010

----- Original Message -----
From: "Magnus Westerlund" <magnus.westerlund <at> ericsson.com>
To: "t.petch" <ietfc <at> btconnect.com>
Cc: "tsvwg list" <tsvwg <at> ietf.org>
Sent: Wednesday, November 03, 2010 1:46 PM

> Hi Tom,
>
> Apparently your comment from January about the mix of terms was missed
> and not addressed.
>
> If I understand the English terms correctly, what we are describing that
> IANA should do is Allocation, i.e. set aside identifiers for particular
> usages. We are not giving over the number space to the ones that
> request, thus Assignment would be wrong?
>
> I think we can mostly eliminate one of the terms assignment and
> allocation. I think we will have more difficult to get rid of
> registration. My personal thinking on this is at least the following
> relationship between the terms: A Registrant performs a Registration
> (process or request) so that IANA can perform an Allocation of a service
> name and possibly ports.

Magnus

That would address my concern. As you say, assign has more of an overtone
of a legal transfer of ownership, which allocate does not (even if my dictionary
defines allocate as assign  There is a lot of assignation in the current I-D
but
I think that most of it should be changed.

I like too the idea that registration is the request, and that IANA allocates,
and
again, there is a lot of registration and I think that most of it should be
changed.

It is unfortunate that the end result of an allocation by IANA is a registry but
I
do not think that that can be helped   Whatever terminology we agree on,
I think that the I-D should spell it out early on.

I did scan a variety of I-Ds with IANA actions and see IANA allocating,
registering
and assigning values in registries, with perhaps the last as the most common,
but that does
not make it the right choice for me.

Tom Petch

> I think we will run into issues with some of our references that might
> have had similar confusion between allocation and assignment.
>
> But from my perspective, I think this is a valid comment and should be
> addressed.
>
> Cheers
>
> Magnus
>
> t.petch skrev 2010-11-03 10:09:
> > I do not support publication.
> >
> > I commented earlier that
> >
> > "I have a problem with this I-D in that it would appear to make no
> > distinction between allocation and assignment, and would seem to
> > include registration in the mix as well, at least at times, while hinting
that
> > whatever these may be, ownership is something else. In the limited context
of
> > transport
> > identifiers, this may not cause confusion but in closely allied registries,
> > allocation and assignment are fundamentally different processes and those
who
> > interchange the two are confused and cause confusion."
> >
> > and I still regard that as a show stopper.
> >
> > Tom Petch
> >
> > ----- Original Message -----
> > From: "Gorry Fairhurst" <gorry <at> erg.abdn.ac.uk>
> > To: "tsvwg list" <tsvwg <at> ietf.org>
> > Cc: <tsvwg-chairs <at> tools.ietf.org>
> > Sent: Saturday, October 30, 2010 8:59 AM
> > Subject: WGLC Announcement for draft-ietf-tsvwg-iana-ports-08 - 26th
> > November2010
> >
> >
> >> This email announces the beginning of a working group last call for
> >> draft-ietf-tsvwg-iana-ports-08, "Internet Assigned Numbers Authority
> >> (IANA) Procedures for the Management of the Service Name and Transport
> >> Protocol Port Number Registry". This document is now thought to be ready
> >> to proceed to be published as a BCP. Please send any comments to the
> >> TSVWG list.
> >>
> >> The draft is available at:
> >> http://tools.ietf.org/html/draft-ietf-tsvwg-iana-ports-08
> >>
> >> The document will be forwarded in parallel to the Apps Area for review.
> >>
> >> The last call will run for FOUR weeks, ending Friday, 26th November 2010
> >> (this LC period will cover an IETF meeting).
> >>
> >> Emails saying "I support" or "I don't support" publication are also most
> >> helpful in judging the WG consensus.
> >>
> >> James and Gorry
> >> (TSVWG Chairs)
> >>
> >>
> >>
> >>
> >
> >
>
>
> --
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund <at> ericsson.com
> ----------------------------------------------------------------------

RE: IETF 79 (Beijing) DRAFT Agenda for TSVWG

[ On behalf of Lei Zhu ]

Hi chairs,

Would you please allocate some minutes to another draft about GTP-U
compression? 
The draft may be found at
http://tools.ietf.org/html/draft-lei-tsvwg-gtpu-compression-00.
Sorry for the late request.

Folks, if you have any comments on this draft, please post in the list or to
the authors.

Regards,
Xiangsong

> -----Original Message-----
> From: tsvwg-bounces <at> ietf.org [mailto:tsvwg-bounces <at> ietf.org] On Behalf Of
> James M. Polk
> Sent: Friday, October 29, 2010 12:09 PM
> To: tsvwg
> Subject: IETF 79 (Beijing) DRAFT Agenda for TSVWG
> 
> TSVWG
> 
> Please see this link for the DRAFT agenda for TSVWG in Beijing, on
> November 10th, from 9am-1130am local time in the "Valley Ballroom A".
> 
> http://www.ietf.org/proceedings/79/agenda/tsvwg.txt
> 
> Please let me know if I have missed anyone's agenda request or have
> incorrect information anywhere.
> 
> James & Gorry
> TSVWG chairs

Security issues with draft-ietf-tsvwg-iana-ports-08

Greetings again. There is a new restriction in draft-ietf-tsvwg-iana-ports that will have a negative
effect on the overall security of the Internet. Two restrictions in section 7.2 and the related one in
section 9 prevent protocol designers from getting a second port for a secure (likely TLS-wrapped)
version of their protocol based on wishful thinking that does not represent extensive reality in
deploymet. I propose alternate wording below.

First, I should probably apologize. I am the author of RFC 2487 (updated by RFC 3207), the now-infamous
"STARTTLS" option for SMTP. It seemed like a good idea at the time, it really did. No need for a second port
and possible delays due to port-probing: just do an in-band security upgrade. And it could work with other
common application protocols like POP and IMAP as well (RFC 2595)!

History has shown us wrong, but draft-ietf-tsvwg-iana-ports ignores that history. In short:

- There are serious security drawbacks to doing in-band upgrades within SMTP. Notice the large number of
new attack descriptions and warnings in RFC 3207.

- The processing model for how to change state after the STARTTLS command was more complicated than what we
thought, whereas it is completely clear what it means for applications over TLS on a second port.

- POP and IMAP have well-known upgrade semantics as well as each having a second port for TLS. Nearly all
implementations use the second port, and interoperability for the upgrade mechanism was not widespread
when it was last tested.

- SIP's two-port scheme has worked incredibly well.

- Having multiple code paths for "now you are in the clear" and "now you are under TLS" has proven to expose
some serious security risks that do not exist for when a second port is used.

- Attempts to create TLS-like encryption and/or integrity protection without actually doing TLS usually
ends up with security holes not in TLS.

- The number of new application protocols created over the past decade is significantly lower than was expected.

Given this, and recognizing that the resource scarcity of port numbers is a real concern for the long term, I
propose the following changes to draft-ietf-tsvwg-iana-ports:

Section 7.2 current:
o  IANA will allocate only one assigned port number for all versions
   of a service (e.g., running the service with or without a security
   mechanism, or for updated variants of a service)

Section 7.2 proposed:
o  IANA will allow the allocation of one additional assigned port number 
   for a service that runs without security and with security if the
   second port is used for running that service under TLS. The
   application definition MUST say which version of TLS is to be run on
   the additional port, SHOULD use the most current version of TLS, and
   MUST say if there are cryptographic requirements beyond those in the
   TLS version used.

Section 7.2 current:
   Further,
   previous separation of protocol variants based on security
   capabilities (e.g., HTTP on TCP port 80 vs. HTTPS on TCP port 443) is
   not recommended for new protocols, because all new protocols should
   be security-capable and capable of negotiating the use of security
   in-band.

Section 7.2 proposed:
   Further, previous separation of protocol variants based on security
   capabilities (e.g., HTTP on TCP port 80 vs. HTTPS on TCP port 443) is
   allowed for new protocols as long as they meet the requirements above.

Section 9 current:
   Services are expected to include support for security, either as
   default or dynamically negotiated in-band.  The use of separate
   service name or port number assignments for secure and insecure
   variants of the same service is to be avoided in order to discourage
   the deployment of insecure services.

Section 9 proposed:
   Services are expected to include support for security, either as
   default, through a separate port using TLS, or dynamically
   negotiated in-band.  The use of non-protected variants of services
   (that is, clear text with no encryption or integrity assurance)
   continues to be discouraged in IETF standards, although it is still
   unfortunately a common occurrence even in new protocols.

Proposed new section 10.4:
   IANA will reserve 50 port numbers, 21850-21899, to be allocated for
   secure versions of new or revised protocols. Future IETF standards
   actions and/or BCPs may recover unused values in this range, or they
   may reserve more port numbers specifically for additional ports
   for security.

That last proposal should cover the port-scarcity concerns, and a future IESG will have a much better idea
of the run rate on ports-for-security if they are all taken from one place starting now.

I am happy to discuss this more at the TSVWG meeting in Beijing if people want.

--Paul Hoffman, Director
--VPN Consortium

Re: Security issues with draft-ietf-tsvwg-iana-ports-08

Thanks Paul,

We should discuss this on the list because this is in WGLC - since this 
is a busy time of year for many, here is what I recall of the context:

This issue is being first noted in an I-D in draft-ports, but I do not 
recall anybody raised it as a point of discussion. I understood that it 
has been the recommendation of the ports review team, whose input is not 
binding to IANA nor based on a specific IANA policy.

The general principle is that all new port reservations should support 
security, either required or optional (negotiated in-band). I.e., if a 
port has significant potential security issues, or if security is 
required for firewall traversal, we expect that it will be required. I 
understood that the general intent is not so much to prohibit additional 
ports for secure variants, but not to recommend ports where security is 
an issue and security is NOT supported (i.e., try to avoid the insecure 
ones).

I think the intention was that additional ports for secure variants of 
existing services would still be endorsed by the ports review team.

(further comments in line).

On 04/11/2010 02:06, Paul Hoffman wrote:
> Greetings again. There is a new restriction in draft-ietf-tsvwg
 > -iana-ports that will have a negative effect on the overall
 > security of the Internet. Two restrictions in section 7.2 and
 > the related one in section 9 prevent protocol designers from
 > getting a second port for a secure (likely TLS-wrapped) version
 > of their protocol based on wishful thinking that does not
 > represent extensive reality in deploymet.
 >
That wasn't the reason I recall. I think the principle may
have been to encourage negotiation within a protocol rather
than requiring a dedicated port for each protocol variant
- there are of course lots of existing port assignments some
of which are to protocols that don't behave this way.

 > I propose alternate wording below.
>
> First, I should probably apologize. I am the author of RFC 2487
 > (updated by RFC 3207), the now-infamous "STARTTLS" option for SMTP.
 > It seemed like a good idea at the time, it really did. No need for
 > a second port and possible delays due to port-probing: just do an
 > in-band security upgrade. And it could work with other common
 > application protocols like POP and IMAP as well (RFC 2595)!
>
> History has shown us wrong, but draft-ietf-tsvwg-iana-ports
 > ignores that history. In short:
>
> - There are serious security drawbacks to doing in-band upgrades
 > within SMTP. Notice the large number of new attack descriptions
 > and warnings in RFC 3207.
>
> - The processing model for how to change state after the
 > STARTTLS command was more complicated than what we thought,
 > whereas it is completely clear what it means for applications
 > over TLS on a second port.
>
> - POP and IMAP have well-known upgrade semantics as well as
 > each having a second port for TLS. Nearly all implementations
 > use the second port, and interoperability for the upgrade
 > mechanism was not widespread when it was last tested.
>
> - SIP's two-port scheme has worked incredibly well.
>
> - Having multiple code paths for "now you are in the clear"
 > and "now you are under TLS" has proven to expose some serious
 > security risks that do not exist for when a second port is used.
>
> - Attempts to create TLS-like encryption and/or integrity
 > protection without actually doing TLS usually ends up with
 > security holes not in TLS.
>
> - The number of new application protocols created over the
 > past decade is significantly lower than was expected.
>
> Given this, and recognizing that the resource scarcity of
 > port numbers is a real concern for the long term, I propose
 > the following changes to draft-ietf-tsvwg-iana-ports:
>
> Section 7.2 current:
> o  IANA will allocate only one assigned port number for all versions
>     of a service (e.g., running the service with or without a security
>     mechanism, or for updated variants of a service)
>
> Section 7.2 proposed:
> o  IANA will allow the allocation of one additional assigned port number
>     for a service that runs without security and with security if the
>     second port is used for running that service under TLS. The
>     application definition MUST say which version of TLS is to be run on
>     the additional port, SHOULD use the most current version of TLS, and
>     MUST say if there are cryptographic requirements beyond those in the
>     TLS version used.
>
> Section 7.2 current:
>     Further,
>     previous separation of protocol variants based on security
>     capabilities (e.g., HTTP on TCP port 80 vs. HTTPS on TCP port 443) is
>     not recommended for new protocols, because all new protocols should
>     be security-capable and capable of negotiating the use of security
>     in-band.
>
> Section 7.2 proposed:
>     Further, previous separation of protocol variants based on security
>     capabilities (e.g., HTTP on TCP port 80 vs. HTTPS on TCP port 443) is
>     allowed for new protocols as long as they meet the requirements above.
>
> Section 9 current:
>     Services are expected to include support for security, either as
>     default or dynamically negotiated in-band.  The use of separate
>     service name or port number assignments for secure and insecure
>     variants of the same service is to be avoided in order to discourage
>     the deployment of insecure services.
>
> Section 9 proposed:
>     Services are expected to include support for security, either as
>     default, through a separate port using TLS, or dynamically
>     negotiated in-band.  The use of non-protected variants of services
>     (that is, clear text with no encryption or integrity assurance)
>     continues to be discouraged in IETF standards, although it is still
>     unfortunately a common occurrence even in new protocols.
>
> Proposed new section 10.4:
>     IANA will reserve 50 port numbers, 21850-21899, to be allocated for
>     secure versions of new or revised protocols. Future IETF standards
>     actions and/or BCPs may recover unused values in this range, or they
>     may reserve more port numbers specifically for additional ports
>     for security.
>
> That last proposal should cover the port-scarcity concerns, and a
 > future IESG will have a much better idea of the run rate on
 > ports-for-security if they are all taken from one place starting now.
>
> I am happy to discuss this more at the TSVWG meeting in Beijing if people want.
>
> --Paul Hoffman, Director
> --VPN Consortium
>

I would encourage people to discuss this, now it has been raised,
but please do keep in mind that the actual IANA decisions are informed
by input from the ports review team.

The new proposal for text in section 10.4 also needs specific comments 
from the editors.

Hope that helps, and I assume that others will now follow this up,

best wishes,

Gorry

Re: Security issues with draft-ietf-tsvwg-iana-ports-08

Paul,

Thanks for taking the time to review the document.  A few thoughts,
which may seem somewhat discombobulated at first, but bear with me:
> First, I should probably apologize. I am the author of RFC 2487 (updated by RFC 3207), the now-infamous
"STARTTLS" option for SMTP. It seemed like a good idea at the time, it really did. No need for a second port
and possible delays due to port-probing: just do an in-band security upgrade. And it could work with other
common application protocols like POP and IMAP as well (RFC 2595)!
>
> History has shown us wrong, but draft-ietf-tsvwg-iana-ports ignores that history. 

History hasn't entirely shown you were wrong.  I think history has shown
that getting certificates in place is a difficult administrative task
for mail, and in general.  I don't think port separation has anything to
do with it.  I think you ought not apologize for the work you have
done.  Rather it was very useful to highlight the difficulties of
configuring the application, quite frankly, and that HAS improved over
time (using sendmail as my benchmark).

> In short:
>
> - There are serious security drawbacks to doing in-band upgrades within SMTP. Notice the large number of
new attack descriptions and warnings in RFC 3207.

One thing I note is that it may be time for an update to 3207.  In
particular, you wrote:
> A publicly-referenced SMTP server MUST NOT require use of the
>    STARTTLS extension in order to deliver mail locally.  This rule
>    prevents the STARTTLS extension from damaging the interoperability of
>    the Internet's SMTP infrastructure.

That should be a deployment choice, right?  If I choose to reject your
mail because I don't want to receive unencrypted mail over the Internet,
that is my choice.  Otherwise you are actually encouraging a downgrade
attack.

But to this end, I would also suggest that when viewed in the light of
what has gone on with DKIM, some of your security analysis provides for
an interesting path forward.  You write, for instance:
>    A man-in-the-middle attack can be launched by deleting the "250
>    STARTTLS" response from the server.  This would cause the client not
>    to try to start a TLS session.  Another man-in-the-middle attack is
>    to allow the server to announce its STARTTLS capability, but to alter
>    the client's request to start TLS and the server's response.  In
>    order to defend against such attacks both clients and servers MUST be
>    able to be configured to require successful TLS negotiation of an
>    appropriate cipher suite for selected hosts before messages can be
>    successfully transferred.  The additional option of using TLS when
>    possible SHOULD also be provided.  An implementation MAY provide the
>    ability to record that TLS was used in communicating with a given
>    peer and generating a warning if it is not used in a later session.

As we have seen with DKIM it is now possible to express policies out of
band.  I wonder whether we should generalize this approach, and would be
interested in your views.  I'll note that in the case of SMTP and
publicly facing servers, for instance, there really is no alternative
for a second port at the moment because there is no way to express the
security desire in an MX record.  Food for thought. 

This is less the case, of course, through the common use of "s" or
".tls" or the like in a URI schema, but the reason that Joe, Magnus, and
others have taken the position they have is not simply one of
stewardship (although in my opinion that is good enough), but also
simply because time has passed, our capabilities have evolved, and we
really ought to be able to get this right.

> - POP and IMAP have well-known upgrade semantics as well as each having a second port for TLS. Nearly all
implementations use the second port, and interoperability for the upgrade mechanism was not widespread
when it was last tested.
>
> - SIP's two-port scheme has worked incredibly well.

The above two statements ring true to the point of concern for me with
regard to the current draft.  Do we have sufficient infrastructure in
place to provide a best practice for those future services such that the
2nd port isn't needed?  And this is where I think we tie the above point
together.  Should we have better generalized OOB mechanisms like ADSP
for instance to indicate security policy FIRST?  And this relates of
course to another problem we have with port allocation, which is
discovery.  That chews up even more ports.  Do we have infrastructure in
place to put an end to that, and should we before proceeding further?

> - Having multiple code paths for "now you are in the clear" and "now you are under TLS" has proven to expose
some serious security risks that do not exist for when a second port is used.

I think you will agree that multiple code paths exist, no matter whether
a separate port is used, but perhaps you could say more about the threat
here.

> - Attempts to create TLS-like encryption and/or integrity protection without actually doing TLS
usually ends up with security holes not in TLS.

+1 but I don't see how it relates to your other points.

> - The number of new application protocols created over the past decade is significantly lower than was expected.

By whose measure?

Thanks,

Eliot