Xymon Mailing List Archive

Requesting a common encrypted port number for hobbit client/server

8 messages in this thread

list T.J. Yang · Sun, 19 Aug 2007 08:40:38 -0500 ·
Just an idea, port 1984 over the years got recognized by some kind of Internet organization as default port for bb client/server communication.

Should we (hobbit community) pursue a common port number for hobbit client/server encrypted communication?

I see the need but don't know how to get this done.
Which port number to use? Who (which entity) to ask?

I am using port 1999 for my testing purpose for now.


T.J. Yang

list David Gilmore · Mon, 20 Aug 2007 13:03:54 -0400 ·
T.J.,

I second this idea.  I think it would be a great benefit to the Hobbit community.  About 6 or 7 years ago, a guy I was working with helped develop a monitoring system for our employer at the time using BB Pro and Cisco Pix FW/Routers so that we could keep client monitoring traffic encrypted, while utilizing the internet to send info to our NOC.  It was a rather elegant solution to the clear text problem.  As a result of his work the Quest folks added the encryption feature in the Pro version shortly thereafter.

David
list Lars Ebeling · Mon, 20 Aug 2007 19:37:00 +0200 ·
quoted from T.J. Yang
> From: "T.J. Yang" <user-8e841282cda5@xymon.invalid>
> To: <user-ae9b8668bcde@xymon.invalid>
> Sent: Sunday, August 19, 2007 3:40 PM
> Subject: [hobbit] Requesting a common encrypted port number for hobbit client/server
>
> Just an idea, port 1984 over the years got recognized by some kind of Internet organization as default port for bb client/server communication.
>
> Should we (hobbit community) pursue a common port number for hobbit client/server encrypted communication?
>
> I see the need but don't know how to get this done.
> Which port number to use? Who (which entity) to ask?
Have a look at http://www.iana.org/assignments/port-numbers

Regards
Lars Ebeling
list T.J. Yang · Mon, 20 Aug 2007 14:22:10 -0500 ·
see below,
quoted from Lars Ebeling
> From: "Lars Ebeling" <user-1fecd3eafd52@xymon.invalid>
> Reply-To: user-ae9b8668bcde@xymon.invalid
> To: <user-ae9b8668bcde@xymon.invalid>
> Subject: Re: [hobbit] Requesting a common encrypted port number for hobbit client/server
> Date: Mon, 20 Aug 2007 19:37:00 +0200
>
> > From: "T.J. Yang" <user-8e841282cda5@xymon.invalid>
> > To: <user-ae9b8668bcde@xymon.invalid>
> > Sent: Sunday, August 19, 2007 3:40 PM
> > Subject: [hobbit] Requesting a common encrypted port number for hobbit client/server
> >
> > Just an idea, port 1984 over the years got recognized by some kind of Internet organization as default port for bb client/server communication.
> >
> > Should we (hobbit community) pursue a common port number for hobbit client/server encrypted communication?
> >
> > I see the need but don't know how to get this done.
> > Which port number to use? Who (which entity) to ask?
> Have a look at http://www.iana.org/assignments/port-numbers
Should we have Henrik do the honor of requesting one ?

http://www.iana.org/cgi-bin/usr-port-number.pl


tj
> Regards
> Lars Ebeling

list Henrik Størner · Mon, 20 Aug 2007 22:47:57 +0200 ·
quoted from T.J. Yang
On Sun, Aug 19, 2007 at 08:40:38AM -0500, T.J. Yang wrote:
> Just an idea, port 1984 over the years got recognized by some kind of
> Internet organization as default port for bb client/server communication.
>
> Should we (hobbit community) pursue a common port number for hobbit
> client/server encrypted communication?
I don't think this is necessary, and I'm not even sure such an
application will be accepted.

The current trend for protocols that operate with both plain-text
and encrypted traffic is to start with an un-encrypted connection, and
then use a "STARTTLS" command to turn on encryption. The two sides can
then negotiate if they can/will communicate.

Since this appears to be the method preferred by the Internet
authorities, that's the one I've thought about implementing. That
shouldn't stop you from using stunnel, though.
quoted from T.J. Yang

> I see the need but don't know how to get this done.
> Which port number to use? Who (which entity) to ask?
It's handled by IANA. You request it through
http://www.iana.org/cgi-bin/usr-port-number.pl


Regards,
Henrik
list Asif Iqbal · Mon, 20 Aug 2007 23:36:37 -0400 ·
quoted from Henrik Størner
> The current trend for protocols that operate with both plain-text
> and encrypted traffic is to start with an un-encrypted connection, and
> then use a "STARTTLS" command to turn on encryption. The two sides can
> then negotiate if they can/will communicate.
I thought I saw something of bb could send msg to hobbit server through https.
Now I cannot find it anywhere.

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
list T.J. Yang · Tue, 21 Aug 2007 04:36:46 -0500 ·
quoted from T.J. Yang
> From: user-ce4a2c883f75@xymon.invalid (Henrik Stoerner)
> Reply-To: user-ae9b8668bcde@xymon.invalid
> To: user-ae9b8668bcde@xymon.invalid
> Subject: Re: [hobbit] Requesting a common encrypted port number for hobbit client/server
> Date: Mon, 20 Aug 2007 22:47:57 +0200
>
> On Sun, Aug 19, 2007 at 08:40:38AM -0500, T.J. Yang wrote:
> > Just an idea, port 1984 over the years got recognized by some kind of
> > Internet organization as default port for bb client/server communication.
> >
> > Should we (hobbit community) pursue a common port number for hobbit
> > client/server encrypted communication?
> I don't think this is necessary, and I'm not even sure such an
> application will be accepted.
>
> The current trend for protocols that operate with both plain-text
> and encrypted traffic is to start with an un-encrypted connection, and
> then use a "STARTTLS" command to turn on encryption. The two sides can
> then negotiate if they can/will communicate.
>
> Since this appears to be the method preferred by the Internet
> authorities, that's the one I've thought about implementing. That
> shouldn't stop you from using stunnel, though.
If hb encryption via stunnel is implemented then a port for plaintext redirection is needed. Thus the idea of requesting a non-taken port (from IANA) for hobbit encrypted messages.

To my understanding, BB Pro can do message encryption already, and it looks like they are using port 1984 also.

What is the impact of mixing bb encrypted message and hb encrypted message protocols on the same port number? And I don't believe Quest publishes the bb message encryption protocol.

I think getting a port for hobbit itself is still good in the long run.
quoted from Henrik Størner
> > I see the need but don't know how to get this done.
> > Which port number to use? Who (which entity) to ask?
> It's handled by IANA. You request it through
> http://www.iana.org/cgi-bin/usr-port-number.pl
>
>
> Regards,
> Henrik

list Henrik Størner · Tue, 21 Aug 2007 12:44:44 +0200 ·
quoted from T.J. Yang
On Tue, Aug 21, 2007 at 04:36:46AM -0500, T.J. Yang wrote:
> If hb encryption via stunnel is implemented then a port for plaintext
> redirection is needed.
No, you need to configure your clients to use the encrypted port.
Or do some firewall redirecting of the traffic to the encrypted service.
quoted from T.J. Yang
> What is the impact of mixing bb encrypted message and hb encrypted
> message protocols on same port number? And I don't believe Quest publish
> the bb message encryption protocol.
I have no idea how Quest implements encryption in the commercial BB
version. Most likely the Hobbit and BB encryption mechanisms will not
be compatible - I don't see this as a problem, Hobbit clients have never
been compatible with BB. The mechanism I see for Hobbit is like this:

   CLIENT                 SERVER
   --------------         ---------------------
   Connect to server
                          Accept connection
   Send "STARTTLS\n"
                          Send "OK\n"
   Perform TLS handshake  Perform TLS handshake
   (Validate server cert) (Validate client cert)
   Exchange data          Exchange data

Which is similar to how quite a few of the standard Internet protocols
implement a "TLS upgrade" of the communication.

The certificate validation is optional, but quite trivial to implement.
So this will also allow for fine-grained control over who can feed data
into Hobbit.

Regarding the request for a dedicated port number: The problem is that I
really do not believe IANA would be willing to assign a port number for
Hobbit - it would be against their stated policy of not assigning
different port numbers for the plain-text and encrypted versions of an
application-layer protocol. Since BB already has a port number
assignment, getting a new one for Hobbit doesn't seem likely.


Henrik
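
The upgrade exchange outlined in the last message, written out as an added Python example; it is not Hobbit/Xymon code and not part of the thread. The function names, the certificate file parameters and the `ERR\n` refusal reply are assumptions, and this version requires certificate validation on both sides (the thread treats it as optional) and refuses to continue in plain text when the upgrade is not confirmed.

```python
import ssl

class UpgradeRefused(Exception):
    """The peer did not agree to TLS; no monitoring data was exchanged."""

def read_line(sock, limit=64):
    # Read byte by byte so nothing past "\n" is consumed before the TLS
    # handshake; bytes buffered in the clear would be unauthenticated.
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk or len(buf) >= limit:
            raise UpgradeRefused("connection closed or line too long")
        buf += chunk
    return buf

def client_context(ca_file, cert_file, key_file):
    ctx = ssl.create_default_context(cafile=ca_file)  # checks server cert and name
    ctx.load_cert_chain(cert_file, key_file)          # identity shown to the server
    return ctx

def server_context(ca_file, cert_file, key_file):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED  # only clients with a trusted cert may feed data
    return ctx

def client_upgrade(sock, ctx, server_name):
    """CLIENT column: send STARTTLS, require OK, then handshake."""
    sock.sendall(b"STARTTLS\n")
    reply = read_line(sock)
    if reply != b"OK\n":
        # Fail closed: if the command was stripped or refused, never fall
        # back to sending status messages in plain text.
        raise UpgradeRefused(f"unexpected reply {reply!r}")
    return ctx.wrap_socket(sock, server_hostname=server_name)

def server_upgrade(conn, ctx):
    """SERVER column: the first line must be STARTTLS, otherwise refuse."""
    if read_line(conn) != b"STARTTLS\n":
        conn.sendall(b"ERR\n")  # assumed refusal reply, not defined in the thread
        raise UpgradeRefused("client did not request TLS")
    conn.sendall(b"OK\n")
    return ctx.wrap_socket(conn, server_side=True)

def send_status(sock, ctx, server_name, message):
    tls = client_upgrade(sock, ctx, server_name)
    tls.sendall(message)  # only reached after a validated handshake
    return tls
```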