Daniel Franke <dfoxfra...@gmail.com>:
> On Tue, Mar 5, 2019 at 1:52 PM Eric S. Raymond <e...@thyrsus.com> wrote:
> > If you end up going with a non-123 port number, I request that the RFC
> > allow use on other ports when and if ALPN is available and specify
> > the ALPN tag to be used.
>
> The spec already mandates that ALPN always be used and allocates a tag
> with IANA.

Thanks. I didn't see that in the RFC draft. Did I simply miss it or is it in a registry that is entirely separate?

> > I disagree. New firewall holes are difficult, practically if not
> > theoretically.
>
> tcp/123 is already a new firewall hole. If you want to work around
> unchangeable firewall rules you probably have to use 443 (and again
> rely on ALPN).

Whether TCP on a port with an existing UDP hole would be treated as "new" is probably variable by firewall default and administrative policy. At the very least I expect it to lower a psychological barrier, especially when the TCP service has a clear relationship to the UDP one.

--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.