On Friday, March 17 2006, Andy Bierman <ietf@andybierman.com> wrote:
We don't think we are improving security.
It is about following current practice, 'best' or otherwise.
IMO, there is a strong pre-existing expectation that a configuration
protocol like NETCONF should be in the system port number range.
As far as I can tell, the only security implication one way or the
other is whether non-netconf (i.e., other user) applications can
bind to the port, possibly preempting use by netconf (even though
the netconf service is likely to start before user applications).
On unix-like systems, port numbers below 1024 enforce this.
On non-unix-like systems, this argument may not hold.
If there is a difference wrt authentication, I don't see it (but my
security glasses are, at best, astigmatic).
So, to my understanding, there are two arguments for reserving
a port below 1024: preempting user processes, and pre-existing
expectation as noted by Andy. It is not clear to me that
those at IANA who gatekeep such things will find these sufficiently
strong arguments.
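The "preempting user processes" argument rests on the kernel refusing a bind() to a low port from an unprivileged process. The probe below is an added example, not code from the thread or from any NETCONF implementation; it assumes a Linux host (the sysctl path `/proc/sys/net/ipv4/ip_unprivileged_port_start`, which moves the 1024 boundary) and uses 8830 as a constructed high port.

```python
import errno
import os
import socket

# Added example: classify what happens when this process tries to bind a TCP
# port. On Linux the privileged range is not fixed at <1024: the sysctl
# net.ipv4.ip_unprivileged_port_start moves it, and a process holding
# CAP_NET_BIND_SERVICE (or running as root) is exempt. On non-Unix systems
# there may be no such restriction at all, which is the caveat in the thread.


def unprivileged_port_start():
    """Lowest port an unprivileged process may bind on this host.

    Falls back to the traditional 1024 where the Linux sysctl is unreadable
    (non-Linux systems, restricted /proc).
    """
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024


def probe_bind(port, host=""):
    """Try to bind `port`; return 'bound', 'denied', 'in_use' or 'error:<errno>'.

    host="" means INADDR_ANY. The socket is closed on return, so nothing is
    left listening.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
        except PermissionError:  # EACCES: privileged port, no capability
            return "denied"
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in_use"
            return "error:%d" % e.errno
        return "bound"


def expected_for(port):
    """What the 'reserved port' argument predicts (euid 0 used as a proxy
    for CAP_NET_BIND_SERVICE; a non-root process with that capability
    would also bind successfully)."""
    if os.geteuid() == 0 or port >= unprivileged_port_start():
        return "bound"  # may still come back 'in_use' if a service listens
    return "denied"


if __name__ == "__main__":
    for p in (1023, 1024, 8830):  # 8830 is a constructed high port
        print(p, probe_bind(p), "expected:", expected_for(p))
```

Run it once as an ordinary user and once with elevated privileges to see the boundary move; lowering the sysctl shows why "below 1024" is a convention rather than a guarantee.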