On 21/08/17 13:39, Robert Wolf wrote:
>
> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
>>
>> On 21/08/17 10:37, Gedalya wrote:
>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
>>>> 993 over 143? or?
>>> There is no concrete answer. There are various opinions and feelings about
>>> this.
>>> The opinion against 993/995 is that these are not standard ports,
>>
>> Out of curiosity, is there a source for this? It's the first time I hear that
>> 993/995 are not standard ports - and searching on the Internet, I can't find
>> any evidence to back it up? Also, pretty much all email software has been
>> using them for the past 20 years or so. It seems like a curiously high rate of
>> adoption for a non-standard :-)
>
>
> Hello,
>
> IMHO the "not standard ports" is meant as "old, useless ports now".

So in short, ports 993/995 are IANA officially approved, and thus "standard".
Further to this, they are in use by the vast majority of email providers, and
as far as I can tell, there are no functional or security disadvantages to
using SSL over 993/995 - instead of STARTTLS over 110/143.

On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> On 21/08/17 13:39, Robert Wolf wrote:
> >
> > On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> >
> > >
> > > On 21/08/17 10:37, Gedalya wrote:
> > > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> > > > > is there a 'preferred way'? should I tell users to use 143 over 993 ?
> > > > > or 993 over 143? or?
> > > > There is no concrete answer. There are various opinions and feelings
> > > > about this.
> > > > The opinion against 993/995 is that these are not standard ports,
> > >
> > > Out of curiosity, is there a source for this? It's the first time I hear
> > > that 993/995 are not standard ports - and searching on the Internet, I
> > > can't find any evidence to back it up? Also, pretty much all email
> > > software has been using them for the past 20 years or so. It seems like a
> > > curiously high rate of adoption for a non-standard :-)
> >
> >
> > Hello,
> >
> > IMHO the "not standard ports" is meant as "old, useless ports now".
>
> So in short, ports 993/995 are IANA officially approved, and thus "standard".
> Further to this, they are in use by the vast majority of email providers, and
> as far as I can tell, there are no functional or security disadvantages to
> using SSL over 993/995 - instead of STARTTLS over 110/143.

Hello Sebastian,

> there are no functional disadvantages

*** As I have written, only if some protocol can be used in just plain-text
mode, then the SSL ports generate additional encryption load. CPU is probably
no problem today, but I have seen some slower SSL connection on higher latency
network. I am not SSL profi, but it looks like there is some ACK in SSL after
some "SSL packet" which makes slower connection on high latency network,
because SSL must wait for packet ACK. In plain-text connection, TCP requires
ACK too, but TCP can open big window and send many data at once and wait only
for the last ACK.

> there are no security disadvantages

*** Exactly, there is really no security disadvantage to use SSL ports, the
encryption is same, resp. there is security advantage to use SSL ports to be
sure that every communication is encrypted from start and client cannot send
anything plaintext.

Regards,
Robert Wolf.

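Added example (not part of the original thread or of any poster's message): a minimal client-side policy that illustrates the point above about traffic being "encrypted from start" on 993, whereas on 143 the client itself has to refuse to send credentials until STARTTLS has completed. The sample server lines and the function names are constructed for illustration; `STARTTLS` and `LOGINDISABLED` are the standard IMAP capability names.

```python
import re

# Constructed sample server lines (not taken from the thread).
GREETING_OK = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot ready."
GREETING_NO_TLS = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"
UNTAGGED_CAPS = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"


def parse_capabilities(line):
    """Return the upper-cased capability atoms from a greeting's
    [CAPABILITY ...] response code or an untagged CAPABILITY reply."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def next_step(port, tls_active, caps):
    """Decide what a strict client does before sending credentials.

    Returns (action, warnings); action is 'login', 'starttls' or 'abort'.
    """
    warnings = []
    if port == 993:
        # Implicit TLS: the handshake precedes the first IMAP byte, so a
        # session without TLS on this port is simply a failed connection.
        return ("login" if tls_active else "abort", warnings)
    if tls_active:
        return ("login", warnings)  # STARTTLS already completed on 143
    if "LOGINDISABLED" not in caps:
        warnings.append("server does not advertise LOGINDISABLED before TLS")
    if "STARTTLS" not in caps:
        warnings.append("STARTTLS not offered; refusing plaintext login")
        return ("abort", warnings)
    return ("starttls", warnings)


if __name__ == "__main__":
    for port, tls, line in [(143, False, GREETING_OK),
                            (143, False, GREETING_NO_TLS),
                            (143, False, UNTAGGED_CAPS),
                            (993, True, GREETING_OK)]:
        print(port, next_step(port, tls, parse_capabilities(line)))
```
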
On 21/08/17 16:25, Robert Wolf wrote:
> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
>> On 21/08/17 13:39, Robert Wolf wrote:
>>>
>>> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>>>
>>>>
>>>> On 21/08/17 10:37, Gedalya wrote:
>>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>>>>>> is there a 'preferred way'? should I tell users to use 143 over 993 ?
>>>>>> or 993 over 143? or?
>>>>> There is no concrete answer. There are various opinions and feelings
>>>>> about this.
>>>>> The opinion against 993/995 is that these are not standard ports,
>>>>
>>>> Out of curiosity, is there a source for this? It's the first time I hear
>>>> that 993/995 are not standard ports - and searching on the Internet, I
>>>> can't find any evidence to back it up? Also, pretty much all email
>>>> software has been using them for the past 20 years or so. It seems like a
>>>> curiously high rate of adoption for a non-standard :-)
>>>
>>>
>>> Hello,
>>>
>>> IMHO the "not standard ports" is meant as "old, useless ports now".
>>
>> So in short, ports 993/995 are IANA officially approved, and thus "standard".
>> Further to this, they are in use by the vast majority of email providers, and
>> as far as I can tell, there are no functional or security disadvantages to
>> using SSL over 993/995 - instead of STARTTLS over 110/143.
>
>
> Hello Sebastian,
>
>> there are no functional disadvantages
>
> *** As I have written, only if some protocol can be used in just plain-text
> mode, then the SSL ports generate additional encryption load. CPU is probably
> no problem today, but I have seen some slower SSL connection on higher latency
> network. I am not SSL profi, but it looks like there is some ACK in SSL after
> some "SSL packet" which makes slower connection on high latency network,
> because SSL must wait for packet ACK. In plain-text connection, TCP requires
> ACK too, but TCP can open big window and send many data at once and wait only
> for the last ACK.
>
>
>> there are no security disadvantages
>
> *** Exactly, there is really no security disadvantage to use SSL ports, the
> encryption is same, resp. there is security advantage to use SSL ports to be
> sure that every communication is encrypted from start and client cannot send
> anything plaintext.

Hi Rob - thank you for the clarification. It is interesting information.