On 21/08/17 10:37, Gedalya wrote:> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >> 993 over 143? or? > There is no concrete answer. There are various opinions and feelings about this. > The opinion againt 993/995 is that these are not standard ports,Out of curiosity, is there a source for this? It's the first time I hear that 993/995 are not standard ports - and searching on the Internet, I can't find any evidence to back it up? Also, pretty much all email software has been using them for the past 20 years or so. It seems like a curiously high rate of adoption for a non-standard :-)
On 08/21/2017 06:04 PM, Sebastian Arcus wrote:> > On 21/08/17 10:37, Gedalya wrote: >> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >>> 993 over 143? or? >> There is no concrete answer. There are various opinions and feelings about this. >> The opinion againt 993/995 is that these are not standard ports, > > Out of curiosity, is there a source for this? It's the first time I hear that 993/995 are not standard ports - and searching on the Internet, I can't find any evidence to back it up? Also, pretty much all email software has been using them for the past 20 years or so. It seems like a curiously high rate of adoption for a non-standard :-)What kind of evidence would support a negative? I don't understand. Evidence could demonstrate that something is indeed a standard. "Standard" and common practice are not the same thing. A "Standrd" is a document that describes what practice ought to look like. C has a (series of) standard(s), Perl 5 is not exactly standardized. It's just implemented and documented. Either way, at this point these ports are indeed listed here: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt So perhaps it can be said that those still arguing against it on the basis of it being "non-standrd" are still arguing against officially assigning these port numbers, because the old ports are perfectly good, even after the assignment has already been listed by IANA.
On Mon, 21 Aug 2017 11:04:40 +0100, Sebastian Arcus stated:>On 21/08/17 10:37, Gedalya wrote: >> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >>> 993 over 143? or? >> There is no concrete answer. There are various opinions and feelings about >> this. The opinion againt 993/995 is that these are not standard ports, > >Out of curiosity, is there a source for this? It's the first time I hear >that 993/995 are not standard ports - and searching on the Internet, I >can't find any evidence to back it up? Also, pretty much all email >software has been using them for the past 20 years or so. It seems like >a curiously high rate of adoption for a non-standard :-)One of the places I have found extremely useful over the years is: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers It lists the port number, TCP & UDP, description and IANA Status. It also lists multiple use ports; such as 465. Port TCP UDP Description IANA status 143 TCP Assigned Internet Message Access Protocol (IMAP) management Official 465 TCP URL Rendezvous Directory for SSM (Cisco protocol) Official 465 TCP Authenticated SMTP over TLS/SSL (SMTPS) Unofficial 993 TCP Assigned Internet Message Access Protocol over TLS/SSL (IMAPS) Official 995 TCP UDP Post Office Protocol 3 over TLS/SSL (POP3S) Official -- Jerry
On Mon, 21 Aug 2017, Sebastian Arcus wrote:> > On 21/08/17 10:37, Gedalya wrote: > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > > > is there a 'preferred way'? should I tell users to use 143 over 993 ? or > > > 993 over 143? or? > > There is no concrete answer. There are various opinions and feelings about > > this. > > The opinion againt 993/995 is that these are not standard ports, > > Out of curiosity, is there a source for this? It's the first time I hear that > 993/995 are not standard ports - and searching on the Internet, I can't find > any evidence to back it up? Also, pretty much all email software has been > using them for the past 20 years or so. It seems like a curiously high rate of > adoption for a non-standard :-)Hello, IMHO the "not standard ports" is meant as "old, useless ports now". AFAIK at the begining there were only plain-text ports 80, 389, 110, 143, 25, 5222 (XMPP) etc without any encryption. Then SSL was implemented on ports 443, 636, 993, 995, 465, 5223 etc. Later, the STARTTLS feature has been introduced and servers and clients has implemented STARTTLS sometime. Since STARTTLS is used in most clients and servers nowdays, there is no need for SSL port. There is even RFC 2817 for STARTTLS in HTTP. So IMHO all SSL ports are meant to be old, useless now, some Jabber clients describe SSL encryption on port 5223 as "legacy". Pros of STARTTLS is, that you CAN start encryption, if you need it. E.g. for SMTP or LDAP you can use plain text connections without expensive encryption for normal mail transfer (MX-MX) or for searching (LDAP), and client can start encryption, if needed for username+password or cert authentication (SMTP submit or LDAP edit with auth). Of cource for IMAP+POP you have to authenticate everytime, i.e. you need encryption everytime. Pros of SSL port is, you now everytime exactly, that your connection is encrypted, so your password is never sent over plain-text channel. Some servers (services) can be configured to fail correct login, if the login is made through plain-text channel. This is good, because MITM cannot instantly see, if the password is correct or not, but the password goes already plain-text and MITM can test it on secure connection later. Regards, Robert Wolf.
On 21/08/17 13:39, Robert Wolf wrote:> > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > >> >> On 21/08/17 10:37, Gedalya wrote: >>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >>>> 993 over 143? or? >>> There is no concrete answer. There are various opinions and feelings about >>> this. >>> The opinion againt 993/995 is that these are not standard ports, >> >> Out of curiosity, is there a source for this? It's the first time I hear that >> 993/995 are not standard ports - and searching on the Internet, I can't find >> any evidence to back it up? Also, pretty much all email software has been >> using them for the past 20 years or so. It seems like a curiously high rate of >> adoption for a non-standard :-) > > > Hello, > > IMHO the "not standard ports" is meant as "old, useless ports now".So in short, ports 993/995 are IANA officially approved, and thus "standard". Further to this, they are in use by the vast majority of email providers, and as far as I can tell, there are no functional or security disadvantages to using SSL over 993/995 - instead of STARTTLS over 110/143.