
Re: use of netconf to configure Unix systems



"Joel M. Halpern" writes:
>like the ForCES CE to be able to be managed using netconf.  And it is 
>a specific design goal that ForCES CEs are NOT part of the kernel.

Use of privileged port does not require code to be part of the
kernel, just that it be root (uid 0) when the bind() call is made.
Daemons can do their bind() and then setuid() to nobody to protect
themselves from giving crackers root access.

To me, the benefit of using a privileged port is minor, but the
benefit to _any_ protocol is minor nowadays, so I don't see this
as a big issue either way.  NETCONF doesn't need a priv port, but
no other protocol can be considered more (or less ;^) deserving,
so if IANA's willing to give us three, we should be gracious enough
to accept them.  If not, it's not a big deal.

>So, is there some other reason that I have not seen for wanting to 
>use a low numbered port?

Having to be root for debugging is a pain, but one can just do some
port forwarding to get around that.

>Eliot Lear wrote:
>Given that it exists, when SHOULD something be assigned <1024?

When the protocol was designed before the onslaught of Windows.  Or
if the protocol is expected to survive past the death of Windows.
Neither applies here ;^)

Thanks,
 Phil

--
archive: <http://ops.ietf.org/lists/netconf/>