Port 443

• To: www-security@ns2.rutgers.edu
• Subject: Port 443
• From: "John Hemming CEO MarketNet" <JohnHemming@mkn.co.uk>
• Date: Thu, 14 Sep 1995 07:56:29 AM PDT

in answer to mail from: cwerner@fh.us.bosch.com

Port 443 is registered by IANA for SSL applied to HTTP.  Similarly
465 is registered for SSMTP.

If anyone not using SSL attempts to connect to a server listening
on 443 for HTTPS then nothing will happen as the first message
will be wrong. (a few million gates will switch, but nothing material).

Port 443 is used for server authentication (although it is
not much use from a regulatory point of view) and key exchange for
the secure session.  The data is then passed through that port
as well.

In theory any port could be used, but using 80 and 443 for insecure
and secure sessions in nice and straightforward and easy for the
punters.  (vide short urls).

I don't know what precisely is going on about AIF (Agency for
Interamerican Finance), but essentially this "web site" was a good
example of something that brings to the fore the regulatory issues.

>From the perception of the punter a bond issuer based in Antigua
looks like one in the UK or US, but is covered by different regulations.

The client program really should say what regulatory security exists
for any particular server.  (I will do that later on).  The Verisign proof
that A really is A does not help much particularly as neither Netscape
nor WorkHorse (two SSL browsers) check this against the domain
name.  More important would be that A is A and is regulated by 
B, C, D and F.  (E doesn't matter - they went bust)

• Previous: port 443 and security
• Next: Re: port 443 and security
• Index(es):
  • Index
  • Thread