draft-ietf-tsvwg-port-use-11.txt   rfc7605.txt 
TSVWG J. Touch
Internet Draft USC/ISI
Intended status: Best Current Practice April 24, 2015
Expires: October 2015
Recommendations on Using Assigned Transport Port Numbers Internet Engineering Task Force (IETF) J. Touch
draft-ietf-tsvwg-port-use-11.txt Request for Comments: 7605 USC/ISI
BCP: 165 August 2015
Category: Best Current Practice
ISSN: 2070-1721
Status of this Memo Recommendations on Using Assigned Transport Port Numbers
This Internet-Draft is submitted in full conformance with the Abstract
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This document provides recommendations to designers of application
Task Force (IETF), its areas, and its working groups. Note that and service protocols on how to use the transport protocol port
other groups may also distribute working documents as Internet- number space and when to request a port assignment from IANA. It
Drafts. provides designer guidance to requesters or users of port numbers on
how to interact with IANA using the processes defined in RFC 6335;
thus, this document complements (but does not update) that document.
It provides guidelines for designers regarding how to interact with
the IANA processes defined in RFC 6335, thus serving to complement
(but not update) that document.
Internet-Drafts are draft documents valid for a maximum of six Status of This Memo
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This memo documents an Internet Best Current Practice.
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at This document is a product of the Internet Engineering Task Force
http://www.ietf.org/shadow.html (IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 5741.
This Internet-Draft will expire on October 24, 2015. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7605.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with respect
respect to this document. Code Components extracted from this to this document. Code Components extracted from this document must
document must include Simplified BSD License text as described in include Simplified BSD License text as described in Section 4.e of
Section 4.e of the Trust Legal Provisions and are provided without the Trust Legal Provisions and are provided without warranty as
warranty as described in the Simplified BSD License. described in the Simplified BSD License.
Abstract
This document provides recommendations to application and service
protocol designers on how to use the assigned transport protocol
port number space and when to request a port assignment from IANA.
It provides designer guidelines on how to interact with the IANA
processes defined in RFC6335, thus serving to complement (but not
update) that document.
Table of Contents Table of Contents
1. Introduction...................................................2 1. Introduction ....................................................3
2. Conventions used in this document..............................3 2. Conventions Used in This Document ...............................3
3. History........................................................3 3. History .........................................................3
4. Current Port Number Use........................................5 4. Current Port Number Use .........................................5
5. What is a Port Number?.........................................5 5. What is a Port Number? ..........................................5
6. Conservation...................................................7 6. Conservation ....................................................7
6.1. Guiding Principles........................................7 6.1. Guiding Principles .........................................7
6.2. Firewall and NAT Considerations...........................8 6.2. Firewall and NAT Considerations ............................8
7. Considerations for Requesting Port Number Assignments..........9 7. Considerations for Requesting Port Number Assignments ...........9
7.1. Is a port number assignment necessary?....................9 7.1. Is a port number assignment necessary? .....................9
7.2. How Many Assigned Port Numbers?..........................11 7.2. How many assigned port numbers are necessary? .............11
7.3. Picking an Assigned Port Number..........................12 7.3. Picking an Assigned Port Number ...........................12
7.4. Support for Security.....................................13 7.4. Support for Security ......................................13
7.5. Support for Future Versions..............................14 7.5. Support for Future Versions ...............................14
7.6. Transport Protocols......................................15 7.6. Transport Protocols .......................................14
7.7. When to Request an Assignment............................16 7.7. When to Request an Assignment .............................16
7.8. Squatting................................................17 7.8. Squatting .................................................17
7.9. Other Considerations.....................................18 7.9. Other Considerations ......................................18
8. Security Considerations.......................................18 8. Security Considerations ........................................18
9. IANA Considerations...........................................19 9. IANA Considerations ............................................19
10. References...................................................19 10. References ....................................................19
10.1. Normative References....................................19 10.1. Normative References .....................................19
10.2. Informative References..................................20 10.2. Informative References ...................................20
11. Acknowledgments..............................................22 Acknowledgments ...................................................24
Author's Address ..................................................24
1. Introduction 1. Introduction
This document provides information and advice to application and This document provides information and advice to application and
service designers on the use of assigned transport port numbers. It service designers on the use of assigned transport port numbers. It
provides a detailed historical background of the evolution of provides a detailed historical background of the evolution of
transport port numbers and their multiple meanings. It also provides transport port numbers and their multiple meanings. It also provides
specific recommendations to designers on how to use assigned port specific recommendations to designers on how to use assigned port
numbers. Note that this document provides information to potential
port number applicants that complements the IANA process described
in BCP165 [RFC6335], but it does not change any of the port number
assignment procedures described therein. This document is intended
to address concerns typically raised during Expert Review of
assigned port number applications, but it is not intended to bind
those reviews. RFC 6335 also describes the interaction between port
experts and port requests in IETF consensus document. Authors of
IETF consensus documents should nevertheless follow the advice in
this document and can expect comment on their port requests from the
port experts during IETF last call or at other times when review is
explicitly sought.
2. Conventions used in this document numbers. Note that this document provides information to potential
port number applicants that complements the IANA process described in
[RFC6335] (the sole document of BCP 165 before this document), but it
does not change any of the port number assignment procedures
described therein. Because they are thus so closely related, this
document and RFC 6335 are now known together as BCP 165. This
document is intended to address concerns typically raised during
Expert Review (see [RFC5226]) of assigned port number applications,
but it is not intended to bind those reviews. RFC 6335 also
describes the interaction between port experts and port requests in
IETF consensus documents. Authors of IETF consensus documents should
nevertheless follow the advice in this document and can expect
comment on their port requests from the port experts during IETF Last
Call or at other times when review is explicitly sought.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
In this document, these words will appear with that interpretation In this document, these words will appear with that interpretation
only when in ALL CAPS. Lower case uses of these words are not to be only when in ALL CAPS. Lowercase uses of these words are not to be
interpreted as carrying RFC-2119 significance. interpreted as carrying significance described in RFC 2119.
In this document, the characters ">>" preceding an indented line(s) In this document, the characters ">>" preceding an indented line(s)
indicates a statement using the key words listed above. This indicates a statement using the key words listed above. This
convention aids reviewers in quickly identifying or finding convention aids reviewers in quickly identifying or finding
requirements for registration and recommendations for use of port requirements for registration and recommendations for use of port
numbers in this RFC. numbers in this RFC.
3. History 3. History
The term 'port' was first used in [RFC33] to indicate a simplex The term 'port' was first used in [RFC33] to indicate a simplex
communication path from an individual process and originally applied communication path from an individual process and originally applied
to only the Network Control Program (NCP) connection-oriented to only the Network Control Program (NCP) connection-oriented
protocol. At a meeting described in [RFC37], an idea was presented protocol. At a meeting described in [RFC37], an idea was presented
to decouple connections between processes and links that they use as to decouple connections between processes and links that they use as
paths, and thus to include numeric source and destination socket paths and, thus, to include numeric source and destination socket
identifiers in packets. [RFC38] provides further detail, describing identifiers in packets. [RFC38] provides further detail, describing
how processes might have more than one of these paths and that more how processes might have more than one of these paths and that more
than one path may be active at a time. As a result, there was the than one path may be active at a time. As a result, there was the
need to add a process identifier to the header of each message so need to add a process identifier to the header of each message so
that incoming messages could be demultiplexed to the appropriate that incoming messages could be demultiplexed to the appropriate
process. [RFC38] further suggested that 32 bit numbers would be used process. [RFC38] further suggests that 32-bit numbers be used for
for these identifiers. [RFC48] discusses the current notion of these identifiers. [RFC48] discusses the current notion of listening
listening on a specific port number, but does not discuss the issue on a specific port number, but does not discuss the issue of port
of port number determination. [RFC61] notes that the challenge of number determination. [RFC61] notes that the challenge of knowing
knowing the appropriate port numbers is "left to the processes" in the appropriate port numbers is "left to the processes" in general,
general, but introduces the concept of a "well-known" port number but introduces the concept of a "well-known" port number for common
for common services. services.
[RFC76] proposed a "telephone book" by which an index would allow [RFC76] proposes a "telephone book" by which an index will allow port
port numbers to be used by name, but still assumed that both source numbers to be used by name, but still assumes that both source and
and destination port numbers are fixed by such a system. [RFC333] destination port numbers are fixed by such a system. [RFC333]
proposed that a port number pair, rather than an individual port proposes that a port number pair, rather than an individual port
number, would be used on both sides of the connection for number, be used on both sides of the connection for demultiplexing
demultiplexing messages. This is the final view in [RFC793] (and its messages. This is the final view in [RFC793] (and its predecessors,
predecessors, including [IEN112]), and brings us to their current including [IEN112]), and brings us to their current meaning.
meaning. [RFC739] introduced the notion of generic reserved port [RFC739] introduces the notion of generic reserved port numbers for
numbers for groups of protocols, such as "any private RJE server" groups of protocols, such as "any private RJE server" [RFC739].
[RFC739]. Although the overall range of such port numbers was (and Although the overall range of such port numbers was (and remains) 16
remains) 16 bits, only the first 256 (high 8 bits cleared) in the bits, only the first 256 (high 8 bits cleared) in the range were
range were considered assigned. considered assigned.
[RFC758] is the first to describe port numbers as being used for TCP [RFC758] is the first to describe port numbers as being used for TCP
(previous RFCs all refer to only NCP). It includes a list of such (previous RFCs all refer to only NCP). It includes a list of such
well-known port numbers, as well as describing ranges used for well-known port numbers, as well as describes ranges used for
different purposes: different purposes:
Decimal Octal Decimal Octal Description
----------------------------------------------------------- -----------------------------------------------------------
0-63 0-77 Network Wide Standard Function 0-63 0-77 Network Wide Standard Function
64-127 100-177 Hosts Specific Functions 64-127 100-177 Hosts Specific Functions
128-223 200-337 Reserved for Future Use 128-223 200-337 Reserved for Future Use
224-255 340-377 Any Experimental Function 224-255 340-377 Any Experimental Function
In [RFC820] those range meanings disappeared, and a single list of In [RFC820], those range meanings disappear, and a single list of
number assignments is presented. This is also the first time that number assignments is presented. This is also the first time that
port numbers are described as applying to a connectionless transport port numbers are described as applying to a connectionless transport
(UDP) rather than only connection-oriented transports. (e.g., UDP) rather than only connection-oriented transports.
By [RFC900] the ranges appeared as decimal numbers rather than the By [RFC900], the ranges appear as decimal numbers rather than the
octal ranges used previously. [RFC1340] increased this range from octal ranges used previously. [RFC1340] increases this range from
0..255 to 0..1023, and began to list TCP and UDP port number 0-255 to 0-1023 and begins to list TCP and UDP port number
assignments individually (although the assumption was that once assignments individually (although the assumption was that once
assigned a port number applies to all transport protocols, including assigned a port number applies to all transport protocols, including
TCP, UDP, recently SCTP and DCCP, as well as ISO-TP4 for a brief TCP, UDP, recently Stream Control Transmission Protocol (SCTP) and
period in the early 1990s). [RFC1340] also established the Datagram Congestion Control Protocol (DCCP), as well as ISO-TP4 for a
brief period in the early 1990s). [RFC1340] also establishes the
Registered range of 1024-59151, though it notes that it is not Registered range of 1024-59151, though it notes that it is not
controlled by the IANA at that point. The list provided by [RFC1700] controlled by the IANA (at that point). The list provided by
in 1994 remained the standard until it was declared replaced by an [RFC1700] in 1994 remained the standard until it was declared
on-line version, as of [RFC3232] in 2002. replaced by an online version, as of [RFC3232] in 2002.
4. Current Port Number Use 4. Current Port Number Use
RFC6335 indicates three ranges of port number assignments: RFC 6335 indicates three ranges of port number assignments:
Binary Hex Binary Hex
----------------------------------------------------------- -----------------------------------------------------------
0-1023 0x0000-0x03FF System (also Well-Known) 0-1023 0x0000-0x03FF System (also Well-Known)
1024-49151 0x0400-0xBFFF User (also Registered) 1024-49151 0x0400-0xBFFF User (also Registered)
49152-65535 0xC000-0xFFFF Dynamic (also Private) 49152-65535 0xC000-0xFFFF Dynamic (also Private)
System (also Well-Known) encompasses the range 0..1023. On some System (also Well-Known) encompasses the range 0-1023. On some
systems, use of these port numbers requires privileged access, e.g., systems, use of these port numbers requires privileged access, e.g.,
that the process run as 'root' (i.e., as a privileged user), which that the process run as 'root' (i.e., as a privileged user), which is
is why these are referred to as System port numbers. The port why these are referred to as System port numbers. The port numbers
numbers from 1024..49151 denotes non-privileged services, known as from 1024-49151 denotes non-privileged services, known as User (also
User (also Registered), because these port numbers do not run with Registered), because these port numbers do not run with special
special privileges. Dynamic (also Private) port numbers are not privileges. Dynamic (also Private) port numbers are not assigned.
assigned.
Both System and User port numbers are assigned through IANA, so both Both System and User port numbers are assigned through IANA, so both
are sometimes called 'registered port numbers'. As a result, the are sometimes called 'registered port numbers'. As a result, the
term 'registered' is ambiguous, referring either to the entire range term 'registered' is ambiguous, referring either to the entire range
0-49151 or to the User port numbers. Complicating matters further, 0-49151 or to the User port numbers. Complicating matters further,
System port numbers do not always require special (i.e., 'root') System port numbers do not always require special (i.e., 'root')
privilege. For clarity, the remainder of this document refers to the privilege. For clarity, the remainder of this document refers to the
port number ranges as System, User, and Dynamic, to be consistent port number ranges as System, User, and Dynamic, to be consistent
with IANA process [RFC6335]. with IANA process [RFC6335].
5. What is a Port Number? 5. What is a Port Number?
A port number is a 16-bit number used for two distinct purposes: A port number is a 16-bit number used for two distinct purposes:
o Demultiplexing transport endpoint associations within an end o Demultiplexing transport endpoint associations within an end host
host
o Identifying a service o Identifying a service
The first purpose requires that each transport endpoint association The first purpose requires that each transport endpoint association
(e.g., TCP connection or UDP pairwise association) using a given (e.g., TCP connection or UDP pairwise association) using a given
transport between a given pair of IP addresses use a different pair transport between a given pair of IP addresses use a different pair
of port numbers, but does not require either coordination or of port numbers, but it does not require either coordination or
registration of port number use. It is the second purpose that registration of port number use. It is the second purpose that
drives the need for a common registry. drives the need for a common registry.
Consider a user wanting to run a web server. That service could run Consider a user wanting to run a web server. That service could run
on any port number, provided that all clients knew what port number on any port number, provided that all clients knew what port number
to use to access that service at that host. Such information can be to use to access that service at that host. Such information can be
explicitly distributed - for example, by putting it in the URI: explicitly distributed -- for example, by putting it in the URI:
http://www.example.com:51509/ http://www.example.com:51509/
Ultimately, the correlation of a service with a port number is an Ultimately, the correlation of a service with a port number is an
agreement between just the two endpoints of the association. A web agreement between just the two endpoints of the association. A web
server can run on port number 53, which might appear as DNS traffic server can run on port number 53, which might appear as DNS traffic
to others but will connect to browsers that know to use port number to others but will connect to browsers that know to use port number
53 rather than 80. 53 rather than 80.
As a concept, a service is the combination of ISO Layers 5-7 that As a concept, a service is the combination of ISO Layers 5-7 that
represents an application protocol capability. For example www (port represents an application-protocol capability. For example, www
number 80) is a service that uses HTTP as an application protocol (port number 80) is a service that uses HTTP as an application
and provides access to a web server [RFC7230]. However, it is protocol and provides access to a web server [RFC7230]. However, it
possible to use HTTP for other purposes, such as command and is possible to use HTTP for other purposes, such as command and
control. This is why some current services (HTTP, e.g.) are a bit control. This is why some current services (HTTP, e.g.) are a bit
overloaded - they describe not only the application protocol, but a overloaded -- they describe not only the application protocol, but a
particular service. particular service.
IANA assigns port numbers so that Internet endpoints do not need IANA assigns port numbers so that Internet endpoints do not need
pairwise, explicit coordination of the meaning of their port pairwise, explicit coordination of the meaning of their port numbers.
numbers. This is the primary reason for requesting port number This is the primary reason for requesting port number assignment by
assignment by IANA - to have a common agreement between all IANA -- to have a common agreement between all endpoints on the
endpoints on the Internet as to the default meaning of a port Internet as to the default meaning of a port number, which provides
number, which provides the endpoints with a default port number for the endpoints with a default port number for a particular protocol or
a particular protocol or service. service.
Port numbers are sometimes used by intermediate devices on a network Port numbers are sometimes used by intermediate devices on a network
path, either to monitor available services, to monitor traffic path, either to monitor available services, to monitor traffic (e.g.,
(e.g., to indicate the data contents), or to intercept traffic (to to indicate the data contents), or to intercept traffic (to block,
block, proxy, relay, aggregate, or otherwise process it). In each proxy, relay, aggregate, or otherwise process it). In each case, the
case, the intermediate device interprets traffic based on the port intermediate device interprets traffic based on the port number. It
number. It is important to recognize that any interpretation of port is important to recognize that any interpretation of port numbers --
numbers - except at the endpoints - may be incorrect, because port except at the endpoints -- may be incorrect, because port numbers are
numbers are meaningful only at the endpoints. Further, port numbers meaningful only at the endpoints. Further, port numbers may not be
may not be visible to these intermediate devices, such as when the visible to these intermediate devices, such as when the transport
transport protocol is encrypted (as in network- or link-layer protocol is encrypted (as in network- or link-layer tunnels) or when
tunnels), or when a packet is fragmented (in which case only the a packet is fragmented (in which case only the first fragment has the
first fragment has the port number information). Such port number port number information). Such port number invisibility may
invisibility may interfere with these in-network port number-based interfere with these capabilities, which are implemented inside the
capabilities. network and based on a port number.
Port numbers can also be used for other purposes. Assigned port Port numbers can also be used for other purposes. Assigned port
numbers can simplify end system configuration, so that individual numbers can simplify end-system configuration, so that individual
installations do not need to coordinate their use of arbitrary port installations do not need to coordinate their use of arbitrary port
numbers. Such assignments may also have the effect of simplifying numbers. Such assignments may also have the effect of simplifying
firewall management, so that a single, fixed firewall configuration firewall management, so that a single, fixed firewall configuration
can either permit or deny a service that uses the assigned ports. can either permit or deny a service that uses the assigned ports.
It is useful to differentiate a port number from a service name. The It is useful to differentiate a port number from a service name. The
former is a numeric value that is used directly in transport former is a numeric value that is used directly in transport protocol
protocol headers as a demultiplexing and service identifier. The headers as a demultiplexing and service identifier. The latter is
latter is primarily a user convenience, where the default map primarily a user convenience, where the default map between the two
between the two is considered static and resolved using a cached is considered static and resolved using a cached index. This
index. This document focuses on the former because it is the document focuses on the former because it is the fundamental network
fundamental network resource. Dynamic maps between the two, i.e., resource. Dynamic maps between the two, i.e., using DNS SRV records,
using DNS SRV records, are discussed further in Section 7.1. are discussed further in Section 7.1.
6. Conservation 6. Conservation
Assigned port numbers are a limited resource that is globally shared Assigned port numbers are a limited resource that is globally shared
by the entire Internet community. As of 2014, approximately 5850 TCP by the entire Internet community. As of 2014, approximately 5850 TCP
and 5570 UDP port numbers have been assigned out of a total range of and 5570 UDP port numbers had been assigned out of a total range of
49151. As a result of past conservation, current assigned port use 49151. As a result of past conservation, current assigned port use
is small and the current rate of assignment avoids the need for is small and the current rate of assignment avoids the need for
transition to larger number spaces. This conservation also helps transition to larger number spaces. This conservation also helps
avoid the need for IANA to rely on assigned port number reclamation, avoid the need for IANA to rely on assigned port number reclamation,
which is practically impossible even though procedurally permitted which is practically impossible even though procedurally permitted
[RFC6335]. [RFC6335].
IANA aims to assign only one port number per service, including IANA aims to assign only one port number per service, including
variants [RFC6335], but there are other benefits to using fewer port variants [RFC6335], but there are other benefits to using fewer port
numbers for a given service. Use of multiple assigned port numbers numbers for a given service. Use of multiple assigned port numbers
can make applications more fragile, especially when firewalls block can make applications more fragile, especially when firewalls block a
a subset of those port numbers or use ports numbers to route or subset of those port numbers or use ports numbers to route or
prioritize traffic differently. As a result: prioritize traffic differently. As a result:
>> Each assigned port requested MUST be justified by the applicant >> Each assigned port requested MUST be justified by the applicant as
as an independently useful service. an independently useful service.
6.1. Guiding Principles 6.1. Guiding Principles
This document provides recommendations for users that also help This document provides recommendations for users that also help
conserve assigned port number space. Again, this document does not conserve assigned port number space. Again, this document does not
update BCP165 [RFC6335], which describes the IANA procedures for update [RFC6335] (originally the sole document of BCP 165), which
managing assigned transport port numbers and services. Assigned port describes the IANA procedures for managing assigned transport port
number conservation is based on a number of basic principles: numbers and services, but rather augments it by now becoming part of
BCP 165 (i.e., BCP 165 now refers to both documents together).
Assigned port number conservation is based on a number of basic
principles:
o A single assigned port number can support different functions o A single assigned port number can support different functions over
over separate endpoint associations, determined using in-band separate endpoint associations, determined using in-band
information. An FTP data connection can transfer binary or information. An FTP data connection can transfer binary or text
text files, the latter translating line-terminators, as files, the latter translating line-terminators, as indicated in-
indicated in-band over the control port number [RFC959]. band over the control port number [RFC959].
o A single assigned port number can indicate the Dynamic port o A single assigned port number can indicate the Dynamic port
number(s) on which different capabilities are supported, as number(s) on which different capabilities are supported, as with
with passive-mode FTP [RFC959]. passive-mode FTP [RFC959].
o Several existing services can indicate the Dynamic port o Several existing services can indicate the Dynamic port number(s)
number(s) on which other services are supported, such as with on which other services are supported, such as with Multicast DNS
mDNS and portmapper [RFC1833] [RFC6762] [RFC6763]. (mDNS) and portmapper [RFC1833] [RFC6762] [RFC6763].
o Copies of some existing services can be differentiated using o Copies of some existing services can be differentiated using in-
in-band information (e.g., URIs in HTTP Host field and TLS band information (e.g., URIs in the HTTP Host field and TLS Server
Server Name Indication extension) [RFC7230] [RFC6066]. Name Indication extension) [RFC7230] [RFC6066].
o Services requiring varying performance properties can already o Services requiring varying performance properties can already be
be supported using separate endpoint associations (connections supported using separate endpoint associations (connections or
or other associations), each configured to support the desired other associations), each configured to support the desired
properties. E.g., a high-speed and low-speed variant can be properties. For example, a high-speed and low-speed variant can
determined within the service using the same assigned port. be determined within the service using the same assigned port.
Assigned port numbers are intended to differentiate services, not Assigned port numbers are intended to differentiate services, not
variations of performance, replicas, pairwise endpoint associations, variations of performance, replicas, pairwise endpoint associations,
or payload types. Assigned port numbers are also a small space or payload types. Assigned port numbers are also a small space
compared to other Internet number spaces; it is never appropriate to compared to other Internet number spaces; it is never appropriate to
consume assigned port numbers to conserve larger spaces such as IP consume assigned port numbers to conserve larger spaces such as IP
addresses, especially where copies of a service represent different addresses, especially where copies of a service represent different
endpoints. endpoints.
6.2. Firewall and NAT Considerations 6.2. Firewall and NAT Considerations
Ultimately, port numbers numbers indicate services only to the Ultimately, port numbers indicate services only to the endpoints, and
endpoints, and any intermediate device that assigns meaning to a any intermediate device that assigns meaning to a value can be
value can be incorrect. End systems might agree to run web services incorrect. End systems might agree to run web services (HTTP) over
(HTTP) over port number 53 (typically used for DNS) rather than port port number 53 (typically used for DNS) rather than port number 80,
number 80, at which point a firewall that blocks port number 80 but at which point a firewall that blocks port number 80 but permits port
permits port number 53 would not have the desired effect. number 53 would not have the desired effect. Nonetheless, assigned
Nonetheless, assigned port numbers are often used to help configure port numbers are often used to help configure firewalls and other
firewalls and other port-based systems for access control. port-based systems for access control.
Using Dynamic port numbers, or explicitly-indicated port numbers Using Dynamic port numbers, or explicitly indicated port numbers
indicated in-band over another service (such as with FTP) often indicated in-band over another service (such as with FTP) often
complicates firewall and NAT interactions [RFC959]. FTP over complicates firewall and NAT interactions [RFC959]. FTP over
firewalls often requires direct support for deep-packet inspection firewalls often requires direct support for deep-packet inspection
(to snoop for the Dynamic port number for the NAT to correctly map) (to snoop for the Dynamic port number for the NAT to correctly map)
or passive-mode FTP (in which both connections are opened from the or passive-mode FTP (in which both connections are opened from the
client side). client side).
7. Considerations for Requesting Port Number Assignments 7. Considerations for Requesting Port Number Assignments
Port numbers are assigned by IANA by a set of documented procedures Port numbers are assigned by IANA by a set of documented procedures
[RFC6335]. The following section describes the steps users can take [RFC6335]. The following section describes the steps users can take
to help assist with responsible use of assigned port numbers, and to help assist with responsible use of assigned port numbers and with
with preparing an application for a port number assignment. preparing an application for a port number assignment.
7.1. Is a port number assignment necessary? 7.1. Is a port number assignment necessary?
First, it is useful to consider whether a port number assignment is First, it is useful to consider whether a port number assignment is
required. In many cases, a new number assignment may not be needed, required. In many cases, a new number assignment may not be needed.
for example: The following questions may aid in making this determination:
o Is this really a new service, or can an existing service o Is this really a new service or could an existing service suffice?
suffice?
o Is this an experimental service [RFC3692]? If so, consider o Is this an experimental service [RFC3692]? If so, consider using
using the current experimental ports [RFC2780]. the current experimental ports [RFC2780].
o Is this service independently useful? Some systems are o Is this service independently useful? Some systems are composed
composed from collections of different service capabilities, from collections of different service capabilities, but not all
but not all component functions are useful as independent component functions are useful as independent services. Port
services. Port numbers are typically shared among the smallest numbers are typically shared among the smallest independently
independently-useful set of functions. Different service uses useful set of functions. Different service uses or properties can
or properties can be supported in separate pairwise endpoint be supported in separate pairwise endpoint associations after an
associations after an initial negotiation, e.g., to support initial negotiation, e.g., to support software decomposition.
software decomposition.
o Can this service use a Dynamic port number that is coordinated o Can this service use a Dynamic port number that is coordinated
out-of-band, e.g.: out-of-band? For example:
o By explicit configuration of both endpoints. o By explicit configuration of both endpoints.
o By internal mechanisms within the same host (e.g., a o By internal mechanisms within the same host (e.g., a
configuration file, indicated within a URI, or using configuration file, indicated within a URI or using
interprocess communication). interprocess communication).
o Using information exchanged on a related service: FTP, SIP, o Using information exchanged on a related service: FTP [RFC959],
etc. [RFC959] [RFC3261]. SIP [RFC3261], etc.
o Using an existing port discovery service: portmapper, mDNS, o Using an existing port discovery service: portmapper [RFC1833],
etc. [RFC1833] [RFC6762] [RFC6763]. mDNS [RFC6762] [RFC6763], etc.
There are a few good examples of reasons that more directly suggest There are a few good examples of reasons that more directly suggest
that not only is a port number assignment not necessary, but it is that not only is a port number assignment not necessary, but it is
directly counter-indicated: directly counter-indicated:
o Assigned port numbers are not intended to differentiate o Assigned port numbers are not intended to differentiate
performance variations within the same service, e.g., high- performance variations within the same service, e.g., high-speed
speed vs. ordinary speed. Performance variations can be versus ordinary speed. Performance variations can be supported
supported within a single assigned port number in context of within a single assigned port number in context of separate
separate pairwise endpoint associations. pairwise endpoint associations.
o Additional assigned port numbers are not intended to replicate o Additional assigned port numbers are not intended to replicate an
an existing service. For example, if a device is configured to existing service. For example, if a device is configured to use a
use a typical web browser then it the port number used for typical web browser, then the port number used for that service is
that service is a copy of the http service that is already a copy of the http service that is already assigned to port number
assigned to port number 80 and does not warrant a new 80 and does not warrant a new assignment. However, an automated
assignment. However, an automated system that happens to use system that happens to use HTTP framing -- but is not primarily
HTTP framing - but is not primarily accessed by a browser - accessed by a browser -- might be a new service. A good way to
might be a new service. A good way to tell is "can an tell is to ask, "Can an unmodified client of the existing service
unmodified client of the existing service interact with the interact with the proposed service?". If so, that service would
proposed service"? If so, that service would be a copy of an be a copy of an existing service and would not merit a new
existing service and would not merit a new assignment. assignment.
o Assigned port numbers not intended for intra-machine o Assigned port numbers not intended for intra-machine
communication. Such communication can already be supported by communication. Such communication can already be supported by
internal mechanisms (interprocess communication, shared internal mechanisms (interprocess communication, shared memory,
memory, shared files, etc.). When Internet communication shared files, etc.). When Internet communication within a host is
within a host is desired, the server can bind to a Dynamic desired, the server can bind to a Dynamic port that is indicated
port that is indicated to the client using these internal to the client using these internal mechanisms.
mechanisms.
o Separate assigned port numbers are not intended for insecure o Separate assigned port numbers are not intended for insecure
versions of existing (or new) secure services. A service that versions of existing (or new) secure services. A service that
already requires security would be made more vulnerable by already requires security would be made more vulnerable by having
having the same capability accessible without security. the same capability accessible without security.
Note that the converse is different, i.e., it can be useful to Note that the converse is different, i.e., it can be useful to
create a new, secure service that replicates an existing create a new, secure service that replicates an existing insecure
insecure service on a new port number assignment. This can be service on a new port number assignment. This can be necessary
necessary when the existing service is not backward-compatible when the existing service is not backward-compatible with security
with security enhancements, such as the use of TLS [RFC5246] enhancements, such as the use of TLS [RFC5246] or DTLS [RFC6347].
or DTLS [RFC6347].
o Assigned port numbers are not intended for indicating o Assigned port numbers are not intended for indicating different
different service versions. Version differentiation should be service versions. Version differentiation should be handled in-
handled in-band, e.g., using a version number at the beginning band, e.g., using a version number at the beginning of an
of an association (e.g., connection or other transaction). association (e.g., connection or other transaction). This may not
This may not be possible with legacy assignments, but all new be possible with legacy assignments, but all new services should
services should incorporate support for version indication. incorporate support for version indication.
Some services may not need assigned port numbers at all, e.g., SIP Some services may not need assigned port numbers at all, e.g., SIP
allows voice calls to use Dynamic ports [RFC3261]. Some systems can allows voice calls to use Dynamic ports [RFC3261]. Some systems can
register services in the DNS, using SRV entries. These services can register services in the DNS, using SRV entries. These services can
be discovered by a variety of means, including mDNS, or via direct be discovered by a variety of means, including mDNS, or via direct
query [RFC6762] [RFC6763]. In such cases, users can more easily query [RFC6762] [RFC6763]. In such cases, users can more easily
request a SRV name, which are assigned first-come, first-served from request an SRV name, which are assigned first-come, first-served from
a much larger namespace. a much larger namespace.
IANA assigns port numbers, but this assignment is typically used IANA assigns port numbers, but this assignment is typically used only
only for servers, i.e., the host that listens for incoming for servers, i.e., the host that listens for incoming connections or
connections or other associations. Clients, i.e., hosts that other associations. Clients, i.e., hosts that initiate connections
initiate connections or other associations, typically refer to those or other associations, typically refer to those assigned port numbers
assigned port numbers but do not need port number assignments for but do not need port number assignments for their endpoint.
their endpoint.
Finally, an assigned port number is not a guarantee of exclusive Finally, an assigned port number is not a guarantee of exclusive use.
use. Traffic for any service might appear on any port number, due to Traffic for any service might appear on any port number, due to
misconfiguration or deliberate misuse. Application and service misconfiguration or deliberate misuse. Application and service
designers are encouraged to validate traffic based on its content. designers are encouraged to validate traffic based on its content.
7.2. How Many Assigned Port Numbers? 7.2. How many assigned port numbers are necessary?
As noted earlier, systems might require a single port number As noted earlier, systems might require a single port number
assignment, but rarely require multiple port numbers. There are a assignment, but rarely require multiple port numbers. There are a
variety of known ways to reduce assigned port number consumption. variety of known ways to reduce assigned port number consumption.
Although some may be cumbersome or inefficient, they are nearly Although some may be cumbersome or inefficient, they are nearly
always preferable to consuming additional port number assignments. always preferable to consuming additional port number assignments.
Such techniques include: Such techniques include:
o Use of a discovery service, either a shared service (mDNS), or o Use of a discovery service, either a shared service (mDNS) or a
a discovery service for a given system [RFC6762] [RFC6763]. discovery service for a given system [RFC6762] [RFC6763].
o Multiplex packet types using in-band information, either on a o Multiplex packet types using in-band information, either on a per-
per-message or per-connection basis. Such demultiplexing can message or per-connection basis. Such demultiplexing can even
even hand-off different messages and connections among hand off different messages and connections among different
different processes, such as is done with FTP [RFC959]. processes, such as is done with FTP [RFC959].
There are some cases where NAT and firewall traversal are There are some cases where NAT and firewall traversal are
significantly improved by having an assigned port number. Although significantly improved by having an assigned port number. Although
NAT traversal protocols supporting automatic configuration have been NAT traversal protocols supporting automatic configuration have been
proposed and developed (e.g., STUN [RFC5389], TURN [RFC5766], and proposed and developed (e.g., Session Traversal Utilities for NAT
ICE [RFC5245]), not all application and service designers can rely (STUN) [RFC5389], Traversal Using Relays around NAT (TURN) [RFC5766],
on their presence as of yet. and Interactive Connectivity Establishment (ICE) [RFC5245]), not all
application and service designers can rely on their presence as of
yet.
In the past, some services were assigned multiple port numbers or In the past, some services were assigned multiple port numbers or
sometimes fairly large port ranges (e.g., X11). This occurred for a sometimes fairly large port ranges (e.g., X11). This occurred for a
variety of reasons: port number conservation was not as widely variety of reasons: port number conservation was not as widely
appreciated, assignments were not as ardently reviewed, etc. This no appreciated, assignments were not as ardently reviewed, etc. This no
longer reflects current practice and such assignments are not longer reflects current practice and such assignments are not
considered to constitute a precedent for future assignments. considered to constitute a precedent for future assignments.
7.3. Picking an Assigned Port Number 7.3. Picking an Assigned Port Number
Given a demonstrated need for a port number assignment, the next Given a demonstrated need for a port number assignment, the next
question is how to pick the desired port number. An application for question is how to pick the desired port number. An application for
a port number assignment does not need to include a desired port a port number assignment does not need to include a desired port
number; in that case, IANA will select from those currently number; in that case, IANA will select from those currently
available. available.
Users should consider whether the requested port number is Users should consider whether the requested port number is important.
important. For example, would an assignment be acceptable if IANA For example, would an assignment be acceptable if IANA picked the
picked the port number value? Would a TCP (or other transport port number value? Would a TCP (or other transport protocol) port
protocol) port number assignment be useful by itself? If so, a port number assignment be useful by itself? If so, a port number can be
number can be assigned to a service for one transport protocol where assigned to a service for one transport protocol where it is already
it is already (or can be subsequently) assigned to a different (or can be subsequently) assigned to a different service for other
service for other transport protocols. transport protocols.
The most critical issue in picking a number is selecting the desired The most critical issue in picking a number is selecting the desired
range, i.e., System vs. User port numbers. The distinction was range, i.e., System versus User port numbers. The distinction was
intended to indicate a difference in privilege; originally, System intended to indicate a difference in privilege; originally, System
port numbers required privileged ('root') access, while User port port numbers required privileged ('root') access, while User port
numbers did not. That distinction has since blurred because some numbers did not. That distinction has since blurred because some
current systems do not limit access control to System port numbers current systems do not limit access control to System port numbers
and because some System services have been replicated on User and because some System services have been replicated on User numbers
numbers (e.g., IRC). Even so, System port number assignments have (e.g., IRC). Even so, System port number assignments have continued
continued at an average rate of 3-4 per year over the past 7 years at an average rate of 3-4 per year over the past 7 years (2007-2013),
(2007-2013), indicating that the desire to keep this distinction indicating that the desire to keep this distinction continues.
continues.
As a result, the difference between System and User port numbers As a result, the difference between System and User port numbers
needs to be treated with caution. Developers are advised to treat needs to be treated with caution. Developers are advised to treat
services as if they are always run without privilege. services as if they are always run without privilege.
Even when developers seek a System port number assignment, it may be Even when developers seek a System port number assignment, it may be
very difficult to obtain. System port number assignment requires very difficult to obtain. System port number assignment requires
IETF Review or IESG Approval and justification that both User and IETF Review or IESG Approval and justification that both User and
Dynamic port number ranges are insufficient [RFC6335]. Thus this Dynamic port number ranges are insufficient [RFC6335]. Thus, this
document recommends both: document recommends both:
>> Developers SHOULD NOT apply for System port number assignments >> Developers SHOULD NOT apply for System port number assignments
because the increased privilege they are intended to provide is not because the increased privilege they are intended to provide is not
always enforced. always enforced.
>> System implementers SHOULD enforce the need for privilege for >> System implementers SHOULD enforce the need for privilege for
processes to listen on System port numbers. processes to listen on System port numbers.
At some future date, it might be useful to deprecate the distinction At some future date, it might be useful to deprecate the distinction
between System and User port numbers altogether. Services typically between System and User port numbers altogether. Services typically
require elevated ('root') privileges to bind to a System port require elevated ('root') privileges to bind to a System port number,
number, but many such services go to great lengths to immediately but many such services go to great lengths to immediately drop those
drop those privileges just after connection or other association privileges just after connection or other association establishment
establishment to reduce the impact of an attack using their to reduce the impact of an attack using their capabilities. Such
capabilities. Such services might be more securely operated on User services might be more securely operated on User port numbers than on
port numbers than on System port numbers. Further, if System port System port numbers. Further, if System port numbers were no longer
numbers were no longer assigned, as of 2014 it would cost only 180 assigned, as of 2014 it would cost only 180 of the 1024 System values
of the 1024 System values (17%), or 180 of the overall 49152 (17%), or 180 of the overall 49152 assigned (System and User) values
assigned (System and User) values (<0.04%). (<0.04%).
7.4. Support for Security 7.4. Support for Security
Just as a service is a way to obtain information or processing from Just as a service is a way to obtain information or processing from a
a host over a network, a service can also be the opening through host over a network, a service can also be the opening through which
which to compromise that host. Protecting a service involves to compromise that host. Protecting a service involves security,
security, which includes integrity protection, source which includes integrity protection, source authentication, privacy,
authentication, privacy, or any combination of these capabilities. or any combination of these capabilities. Security can be provided
Security can be provided in a number of ways, and thus: in a number of ways, and thus:
>> New services SHOULD support security capabilities, either >> New services SHOULD support security capabilities, either directly
directly or via a content protection such as TLS [RFC5246] or DTLS or via a content protection such as TLS [RFC5246] or Datagram TLS
[RFC6347] or transport protection such as TCP-AO [RFC5925]. Insecure (DTLS) [RFC6347], or transport protection such as the TCP-AO
versions of new or existing secure services SHOULD be avoided [RFC5925]. Insecure versions of new or existing secure services
because of the new vulnerability they create. SHOULD be avoided because of the new vulnerability they create.
Secure versions of legacy services that are not already security- Secure versions of legacy services that are not already security-
capable via in-band negotiations can be very useful. However, there capable via in-band negotiations can be very useful. However, there
is no IETF consensus on when separate ports should be used for is no IETF consensus on when separate ports should be used for secure
secure and insecure variants of the same service [RFC2595] [RFC2817] and insecure variants of the same service [RFC2595] [RFC2817]
[RFC6335]. The overall preference is for use of a single port, as [RFC6335]. The overall preference is for use of a single port, as
noted in Section 6 of this document and Section 7.2 of [RFC6335], noted in Section 6 of this document and Section 7.2 of [RFC6335], but
but the appropriate approach depends on the specific characteristics the appropriate approach depends on the specific characteristics of
of the service. As a result: the service. As a result:
>> When requesting both secure and insecure port assignments for the >> When requesting both secure and insecure port assignments for the
same service, justification is expected for the utility and safety same service, justification is expected for the utility and safety of
of each port as an independent service (Section 6). Precedent (e.g., each port as an independent service (Section 6). Precedent (e.g.,
citing other protocols that use a separate insecure port) is citing other protocols that use a separate insecure port) is
inadequate justification by itself. inadequate justification by itself.
It's also important to recognize that port number assignment is not It's also important to recognize that port number assignment is not
itself a guarantee that traffic using that number provides the itself a guarantee that traffic using that number provides the
corresponding service, or that a given service is always offered corresponding service or that a given service is always offered only
only on its assigned port number. Port numbers are ultimately on its assigned port number. Port numbers are ultimately meaningful
meaningful only between endpoints and any service can be run on any only between endpoints and any service can be run on any port. Thus:
port. Thus:
>> Security SHOULD NOT rely on assigned port number distinctions >> Security SHOULD NOT rely on assigned port number distinctions
alone; every service, whether secure or not, is likely to be alone; every service, whether secure or not, is likely to be
attacked. attacked.
Applications for a new service that requires both a secure and Applications for a new service that requires both a secure and
insecure port may be found, on expert review, to be unacceptable, insecure port may be found, on Expert Review, to be unacceptable, and
and may not be approved for allocation. Similarly, an application may not be approved for allocation. Similarly, an application for a
for a new port to support an insecure variant of an existing secure new port to support an insecure variant of an existing secure
protocol may be found unacceptable. In both cases, the resulting protocol may be found unacceptable. In both cases, the resulting
security of the service in practice will be a significant security of the service in practice will be a significant
consideration in the decision as to whether to assign an insecure consideration in the decision as to whether to assign an insecure
port. port.
7.5. Support for Future Versions 7.5. Support for Future Versions
Requests for assigned port numbers are expected to support multiple Requests for assigned port numbers are expected to support multiple
versions on the same assigned port number [RFC6335]. Versions are versions on the same assigned port number [RFC6335]. Versions are
typically indicated in-band, either at the beginning of a connection typically indicated in-band, either at the beginning of a connection
or other association, or in each protocol message. or other association or in each protocol message.
>> Version support SHOULD be included in new services rather than >> Version support SHOULD be included in new services rather than
relying on different port number assignments for different versions. relying on different port number assignments for different versions.
>> Version numbers SHOULD NOT be included in either the service name >> Version numbers SHOULD NOT be included in either the service name
or service description, to avoid the need to make additional port or service description, to avoid the need to make additional port
number assignments for future variants of a service. number assignments for future variants of a service.
Again, the assigned port number space is far too limited to be used Again, the assigned port number space is far too limited to be used
as an indicator of protocol version or message type. Although this as an indicator of protocol version or message type. Although this
has happened in the past (e.g., for NFS), it should be avoided in has happened in the past (e.g., for NFS), it should be avoided in new
new requests. requests.
7.6. Transport Protocols 7.6. Transport Protocols
IANA assigns port numbers specific to one or more transport IANA assigns port numbers specific to one or more transport
protocols, typically UDP [RFC768] and TCP [RFC793], but also SCTP protocols, typically UDP [RFC768] and TCP [RFC793], but also SCTP
[RFC4960], DCCP [RFC4340], and any other standard transport [RFC4960], DCCP [RFC4340], and any other standard transport protocol.
protocol. Originally, IANA port number assignments were concurrent Originally, IANA port number assignments were concurrent for both UDP
for both UDP and TCP, and other transports were not indicated. and TCP, and other transports were not indicated. However, to
However, to conserve the assigned port number space and to reflect conserve the assigned port number space and to reflect increasing use
increasing use of other transports, assignments are now specific of other transports, assignments are now specific only to the
only to the transport being used. transport being used.
In general, a service should request assignments for multiple In general, a service should request assignments for multiple
transports using the same service name and description on the same transports using the same service name and description on the same
port number only when they all reflect essentially the same service. port number only when they all reflect essentially the same service.
Good examples of such use are DNS and NFS, where the difference Good examples of such use are DNS and NFS, where the difference
between the UDP and TCP services are specific to supporting each between the UDP and TCP services are specific to supporting each
transport. E.g., the UDP variant of a service might add sequence transport. For example, the UDP variant of a service might add
numbers and the TCP variant of the same service might add in-band sequence numbers and the TCP variant of the same service might add
message delimiters. This document does not describe the appropriate in-band message delimiters. This document does not describe the
selection of a transport protocol for a service. appropriate selection of a transport protocol for a service.
>> Service names and descriptions for multiple transport port number >> Service names and descriptions for multiple transport port number
assignments SHOULD match only when they describe the same service, assignments SHOULD match only when they describe the same service,
excepting only enhancements for each supported transport. excepting only enhancements for each supported transport.
When the services differ, it may be acceptable or preferable to use When the services differ, it may be acceptable or preferable to use
the same port number, but the service names and descriptions should the same port number, but the service names and descriptions should
be different for each transport/service pair, reflecting the be different for each transport/service pair, reflecting the
differences in the services. E.g., if TCP is used for the basic differences in the services. For example, if TCP is used for the
control protocol and UDP for an alarm protocol, then the services basic control protocol and UDP for an alarm protocol, then the
might be "name-ctl" and "name-alarm". A common example is when TCP services might be "name-ctl" and "name-alarm". A common example is
is used for a service and UDP is used to determine whether that when TCP is used for a service and UDP is used to determine whether
service is active (e.g., via a unicast, broadcast, or multicast test that service is active (e.g., via a unicast, broadcast, or multicast
message) [RFC1122]. IANA has, for several years, used the suffix "- test message) [RFC1122]. IANA has, for several years, used the
disc" in service names to distinguish discovery services, such as suffix "-disc" in service names to distinguish discovery services,
are used to identify endpoints capable of a given service: such as are used to identify endpoints capable of a given service.
>> Names of discovery services SHOULD use an identifiable suffix; >> Names of discovery services SHOULD use an identifiable suffix; the
the suggestion is "-disc". suggestion is "-disc".
Some services are used for discovery, either in conjunction with a Some services are used for discovery, either in conjunction with a
TCP service or as a stand-alone capability. Such services will be TCP service or as a stand-alone capability. Such services will be
more reliable when using multicast rather than broadcast (over IPv4) more reliable when using multicast rather than broadcast (over IPv4)
because IP routers do not forward "all nodes" broadcasts (all 1's, because IP routers do not forward "all nodes" broadcasts (all 1's,
i.e., 255.255.255.255 for IPv4) and have not been required to i.e., 255.255.255.255 for IPv4) and have not been required to support
support subnet-directed broadcasts since 1999 [RFC1812] [RFC2644]. subnet-directed broadcasts since 1999 [RFC1812] [RFC2644].
This issue is relevant only for IPv4 because IPv6 does not support This issue is relevant only for IPv4 because IPv6 does not support
broadcast. broadcast.
>> UDP over IPv4 multi-host services SHOULD use multicast rather >> UDP over IPv4 multi-host services SHOULD use multicast rather than
than broadcast. broadcast.
Designers should be very careful in creating services over Designers should be very careful in creating services over transports
transports that do not support congestion control or error recovery, that do not support congestion control or error recovery, notably
notably UDP. There are several issues that should be considered in UDP. There are several issues that should be considered in such
such cases, as summarized in Table 1 in [RFC5405]. In addition, the cases, as summarized in Table 1 in [RFC5405]. In addition, the
following recommendations apply to service design: following recommendations apply to service design:
>> Services that use multipoint communication SHOULD be scalable, >> Services that use multipoint communication SHOULD be scalable and
and SHOULD NOT rely solely on the efficiency of multicast SHOULD NOT rely solely on the efficiency of multicast transmission
transmission for scalability. for scalability.
>> Services SHOULD NOT use UDP as a performance enhancement over >> Services SHOULD NOT use UDP as a performance enhancement over TCP,
TCP, e.g., to circumnavigate TCP's congestion control. e.g., to circumnavigate TCP's congestion control.
7.7. When to Request an Assignment 7.7. When to Request an Assignment
Assignments are typically requested when a user has enough Assignments are typically requested when a user has enough
information to reasonably answer the questions in the IANA information to reasonably answer the questions in the IANA
application. IANA applications typically take up to a few weeks to application. IANA applications typically take up to a few weeks to
process, with some complex cases taking up to a month. The process process, with some complex cases taking up to a month. The process
typically involves a few exchanges between the IANA Ports Expert typically involves a few exchanges between the IANA Ports Expert
Review team and the applicant. Review team and the applicant.
An application needs to include a description of the service, as An application needs to include a description of the service, as well
well as to address key questions designed to help IANA determine as to address key questions designed to help IANA determine whether
whether the assignment is justified. The application should be the assignment is justified. The application should be complete and
complete and not refer solely to the Internet Draft, RFC, a website, not refer solely to an Internet-Draft, RFC, website, or any other
or any other external documentation. external documentation.
Services that are independently developed can be requested at any Services that are independently developed can be requested at any
time, but are typically best requested in the last stages of design time, but are typically best requested in the last stages of design
and initial experimentation, before any deployment has occurred that and initial experimentation, before any deployment has occurred that
cannot easily be updated. cannot easily be updated.
>> Users MUST NOT deploy implementations that use assigned port >> Users MUST NOT deploy implementations that use assigned port
numbers prior their assignment by IANA. numbers prior their assignment by IANA.
>> Users MUST NOT deploy implementations that default to using the >> Users MUST NOT deploy implementations that default to using the
experimental System port numbers (1021 and 1022 [RFC4727]) outside a experimental System port numbers (1021 and 1022 [RFC4727]) outside a
controlled environment where they can be updated with a subsequent controlled environment where they can be updated with a subsequent
assigned port [RFC3692]. assigned port [RFC3692].
Deployments that use unassigned port numbers before assignment Deployments that use unassigned port numbers before assignment
complicate IANA management of the port number space. Keep in mind complicate IANA management of the port number space. Keep in mind
that this recommendation protects existing assignees, users of that this recommendation protects existing assignees, users of
current services, and applicants for new assignments; it helps current services, and applicants for new assignments; it helps ensure
ensure that a desired number and service name are available when that a desired number and service name are available when assigned.
assigned. The list of currently unassigned numbers is just that - The list of currently unassigned numbers is just that -- *currently*
*currently* unassigned. It does not reflect pending applications. unassigned. It does not reflect pending applications. Waiting for
Waiting for an official IANA assignment reduces the chance that an an official IANA assignment reduces the chance that an assignment
assignment request will conflict with another deployed service. request will conflict with another deployed service.
Applications made through Internet Draft / RFC publication (in any Applications made through Internet-Draft posting or RFC publication
stream) typically use a placeholder ("PORTNUM") in the text, and (in any stream) typically use a placeholder ("PORTNUM") in the text,
implementations use an experimental port number until a final and implementations use an experimental port number until a final
assignment has been made [RFC6335]. That assignment is initially assignment has been made [RFC6335]. That assignment is initially
indicated in the IANA Considerations section of the document, which indicated in the IANA Considerations section of the document, which
is tracked by the RFC Editor. When a document has been approved for is tracked by the RFC Editor. When a document has been approved for
publication, that request is forwarded to IANA for handling. IANA publication, that request is forwarded to IANA for handling. IANA
will make the new assignment accordingly. At that time, IANA may will make the new assignment accordingly. At that time, IANA may
also request that the applicant fill out the application form on also request that the applicant fill out the application form on
their website, e.g., when the RFC does not directly address the their website, e.g., when the RFC does not directly address the
information expected as per [RFC6335]. "Early" assignments can be information expected as per [RFC6335]. "Early" assignments can be
made when justified, e.g., for early interoperability testing, made when justified, e.g., for early interoperability testing,
according to existing process [RFC7120] [RFC6335]. according to existing process [RFC7120] [RFC6335].
>> Users writing specifications SHOULD use symbolic names for port >> Users writing specifications SHOULD use symbolic names for port
numbers and service names until an IANA assignment has been numbers and service names until an IANA assignment has been
completed. Implementations SHOULD use experimental port numbers completed. Implementations SHOULD use experimental port numbers
during this time, but those numbers MUST NOT be cited in during this time, but those numbers MUST NOT be cited in
documentation except as interim. documentation except as interim.
7.8. Squatting 7.8. Squatting
"Squatting" describes the use of a number from the assignable range "Squatting" describes the use of a number from the assignable range
in deployed software without IANA assignment for that use, in deployed software without IANA assignment for that use, regardless
regardless of whether the number has been assigned or remains of whether the number has been assigned or remains available for
available for assignment. It is hazardous because IANA cannot track assignment. It is hazardous because IANA cannot track such usage and
such usage and thus cannot avoid making legitimate assignments that thus cannot avoid making legitimate assignments that conflict with
conflict with such unauthorized usage. such unauthorized usage.
Such "squatted" port numbers remain unassigned, and IANA retains the Such "squatted" port numbers remain unassigned, and IANA retains the
right to assign them when requested by other applicants. Application right to assign them when requested by other applicants. Application
and service designers are reminded that is never appropriate to use and service designers are reminded that is never appropriate to use
port numbers that have not been directly assigned [RFC6335]. In port numbers that have not been directly assigned [RFC6335]. In
particular, any unassigned code from the assigned ranges will be particular, any unassigned code from the assigned ranges will be
assigned by IANA, and any conflict will be easily resolved as the assigned by IANA, and any conflict will be easily resolved as the
protocol designer's fault once that happens (because they would not protocol designer's fault once that happens (because they would not
be the assignee). This may reflect in the public's judgment on the be the assignee). This may reflect in the public's judgment on the
quality of their expertise and cooperation with the Internet quality of their expertise and cooperation with the Internet
community. community.
Regardless, there are numerous services that have squatted on such Regardless, there are numerous services that have squatted on such
numbers that are in widespread use. Designers who are using such numbers that are in widespread use. Designers who are using such
port numbers are encouraged to apply for an assignment. Note that port numbers are encouraged to apply for an assignment. Note that
even widespread de-facto use may not justify a later IANA assignment even widespread de facto use may not justify a later IANA assignment
of that value, especially if either the value has already been of that value, especially if either the value has already been
assigned to a legitimate applicant or if the service would not assigned to a legitimate applicant or if the service would not
qualify for an assignment of its own accord. qualify for an assignment of its own accord.
7.9. Other Considerations 7.9. Other Considerations
As noted earlier, System port numbers should be used sparingly, and As noted earlier, System port numbers should be used sparingly, and
it is better to avoid them altogether. This avoids the potentially it is better to avoid them altogether. This avoids the potentially
incorrect assumption that the service on such port numbers run in a incorrect assumption that the service on such port numbers run in a
privileged mode. privileged mode.
Assigned port numbers are not intended to be changed; this includes Assigned port numbers are not intended to be changed; this includes
the corresponding service name. Once deployed, it can be very the corresponding service name. Once deployed, it can be very
difficult to recall every implementation, so the assignment should difficult to recall every implementation, so the assignment should be
be retained. However, in cases where the current assignee of a name retained. However, in cases where the current assignee of a name or
or number has reasonable knowledge of the impact on such uses, and number has reasonable knowledge of the impact on such uses, and is
is willing to accept that impact, the name or number of an willing to accept that impact, the name or number of an assignment
assignment can be changed [RFC6335] can be changed [RFC6335]
Aliases, or multiple service names for the same assigned port Aliases, or multiple service names for the same assigned port number,
number, are no longer considered appropriate [RFC6335]. are no longer considered appropriate [RFC6335].
8. Security Considerations 8. Security Considerations
This document focuses on the issues arising when designing services This document focuses on the issues arising when designing services
that require new port assignments. Section 7.4 addresses the that require new port assignments. Section 7.4 addresses the
security and security-related issues of that interaction. security and security-related issues of that interaction.
When designing a secure service, the use of TLS [RFC5246], DTLS When designing a secure service, the use of TLS [RFC5246], DTLS
[RFC6347], or TCP-AO [RFC5925] mechanisms that protect transport [RFC6347], or TCP-AO [RFC5925] mechanisms that protect transport
protocols or their contents is encouraged. It may not be possible to protocols or their contents is encouraged. It may not be possible to
use IPsec [RFC4301] in similar ways because of the different use IPsec [RFC4301] in similar ways because of the different
relationship between IPsec and port numbers and because applications relationship between IPsec and port numbers and because applications
may not be aware of IPsec protections. may not be aware of IPsec protections.
This document reminds application and service designers that port This document reminds application and service designers that port
numbers do not protect against denial of service attack or guarantee numbers do not protect against denial-of-service attack or guarantee
that traffic should be trusted. Using assigned numbers for port that traffic should be trusted. Using assigned numbers for port
filtering isn't a substitute for authentication, encryption, and filtering isn't a substitute for authentication, encryption, and
integrity protection. The port number alone should not be used to integrity protection. The port number alone should not be used to
avoid denial of service attacks or to manage firewall traffic avoid denial-of-service attacks or to manage firewall traffic because
because the use of port numbers is not regulated or validated. the use of port numbers is not regulated or validated.
The use of assigned port numbers is the antithesis of privacy The use of assigned port numbers is the antithesis of privacy because
because they are intended to explicitly indicate the desired they are intended to explicitly indicate the desired application or
application or service. Strictly, port numbers are meaningful only service. Strictly, port numbers are meaningful only at the
at the endpoints, so any interpretation elsewhere in the network can endpoints, so any interpretation elsewhere in the network can be
be arbitrarily incorrect. However, those numbers can also expose arbitrarily incorrect. However, those numbers can also expose
information about available services on a given host. This information about available services on a given host. This
information can be used by intermediate devices to monitor and information can be used by intermediate devices to monitor and
intercept traffic as well as to potentially identify key endpoint intercept traffic as well as to potentially identify key endpoint
software properties ("fingerprinting"), which can be used to direct software properties ("fingerprinting"), which can be used to direct
other attacks. other attacks.
9. IANA Considerations 9. IANA Considerations
The entirety of this document focuses on suggestions that help The entirety of this document focuses on suggestions that help ensure
ensure the conservation of port numbers and provide useful hints for the conservation of port numbers and provide useful hints for issuing
issuing informative requests thereof. informative requests thereof.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2780] Bradner, S., and V. Paxson, "IANA Allocation Guidelines [RFC2780] Bradner, S. and V. Paxson, "IANA Allocation Guidelines For
For Values In the Internet Protocol and Related Headers", Values In the Internet Protocol and Related Headers", BCP
BCP 37, RFC 2780, March 2000. 37, RFC 2780, DOI 10.17487/RFC2780, March 2000,
<http://www.rfc-editor.org/info/rfc2780>.
[RFC3692] Narten, T., "Assigning Experimental and Testing Numbers [RFC3692] Narten, T., "Assigning Experimental and Testing Numbers
Considered Useful", BCP 82, RFC 3962, Jan. 2004. Considered Useful", BCP 82, RFC 3692,
DOI 10.17487/RFC3692, January 2004,
<http://www.rfc-editor.org/info/rfc3692>.
[RFC4727] Fenner, B., "Experimental Values in IPv4, IPv6, ICMPv4, [RFC4727] Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4,
ICMPv6, UDP, and TCP Headers", RFC 4727, November 2006. ICMPv6, UDP, and TCP Headers", RFC 4727,
DOI 10.17487/RFC4727, November 2006,
<http://www.rfc-editor.org/info/rfc4727>.
[RFC5246] Dierks, T., and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008,
<http://www.rfc-editor.org/info/rfc5246>.
[RFC5405] Eggert, L., and G. Fairhurst, "Unicast UDP Usage [RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines
Guidelines for Application Designers", BCP 145, RFC 5405, for Application Designers", BCP 145, RFC 5405,
Nov. 2008. DOI 10.17487/RFC5405, November 2008,
<http://www.rfc-editor.org/info/rfc5405>.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, June 2010. Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
June 2010, <http://www.rfc-editor.org/info/rfc5925>.
[RFC6335] Cotton, M., L. Eggert, J. Touch, M. Westerlund, and S. [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA) Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165, RFC Transport Protocol Port Number Registry", BCP 165, RFC
6335, August 2011. 6335, DOI 10.17487/RFC6335, August 2011,
<http://www.rfc-editor.org/info/rfc6335>.
[RFC6347] Rescorla, E., and N. Modadugu, "Datagram Transport Layer [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, January 2012. Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>.
10.2. Informative References 10.2. Informative References
[IEN112] Postel, J., "Transmission Control Protocol", IEN 112, [IEN112] Postel, J., "Transmission Control Protocol", IEN 112,
August 1979. August 1979.
[RFC33] Crocker, S., "New Host-Host Protocol", RFC 33 February [RFC33] Crocker, S., "New Host-Host Protocol", RFC 33,
1970. DOI 10.17487/RFC0033, February 1970,
<http://www.rfc-editor.org/info/rfc33>.
[RFC37] Crocker, S., "Network Meeting Epilogue", RFC 37, March [RFC37] Crocker, S., "Network Meeting Epilogue, etc", RFC 37,
1970. DOI 10.17487/RFC0037, March 1970,
<http://www.rfc-editor.org/info/rfc37>.
[RFC38] Wolfe, S., "Comments on Network Protocol from NWG/RFC [RFC38] Wolfe, S., "Comments on Network Protocol from NWG/RFC
#36", RFC 38, March 1970. #36", RFC 38, DOI 10.17487/RFC0038, March 1970,
<http://www.rfc-editor.org/info/rfc38>.
[RFC48] Postel, J., and S. Crocker, "Possible protocol plateau", [RFC48] Postel, J. and S. Crocker, "Possible protocol plateau",
RFC 48, April 1970. RFC 48, DOI 10.17487/RFC0048, April 1970,
<http://www.rfc-editor.org/info/rfc48>.
[RFC61] Walden, D., "Note on Interprocess Communication in a [RFC61] Walden, D., "Note on Interprocess Communication in a
Resource Sharing Computer Network", RFC 61, July 1970. Resource Sharing Computer Network", RFC 61,
DOI 10.17487/RFC0061, July 1970,
<http://www.rfc-editor.org/info/rfc61>.
[RFC76] Bouknight, J., J. Madden, and G. Grossman, "Connection by [RFC76] Bouknight, J., Madden, J., and G. Grossman, "Connection by
name: User oriented protocol", RFC 76, October 1970. name: User oriented protocol", RFC 76,
DOI 10.17487/RFC0076, October 1970,
<http://www.rfc-editor.org/info/rfc76>.
[RFC333] Bressler, R., D. Murphy, and D. Walden. "Proposed [RFC333] Bressler, R., Murphy, D., and D. Walden, "Proposed
experiment with a Message Switching Protocol", RFC 333, experiment with a Message Switching Protocol", RFC 333,
May 1972. DOI 10.17487/RFC0333, May 1972,
<http://www.rfc-editor.org/info/rfc333>.
[RFC739] Postel, J., "Assigned numbers", RFC 739, November 1977. [RFC739] Postel, J., "Assigned numbers", RFC 739,
DOI 10.17487/RFC0739, November 1977,
<http://www.rfc-editor.org/info/rfc739>.
[RFC758] Postel, J., "Assigned numbers", RFC 758, August 1979. [RFC758] Postel, J., "Assigned numbers", RFC 758,
DOI 10.17487/RFC0758, August 1979,
<http://www.rfc-editor.org/info/rfc758>.
[RFC768] Postel, J., "User Datagram Protocol", RFC 768, August [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
1980. DOI 10.17487/RFC0768, August 1980,
<http://www.rfc-editor.org/info/rfc768>.
[RFC793] Postel, J., "Transmission Control Protocol" RFC 793, [RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC
September 1981 793, DOI 10.17487/RFC0793, September 1981,
<http://www.rfc-editor.org/info/rfc793>.
[RFC820] Postel, J., "Assigned numbers", RFC 820, August 1982. [RFC820] Postel, J., "Assigned numbers", RFC 820,
DOI 10.17487/RFC0820, August 1982,
<http://www.rfc-editor.org/info/rfc820>.
[RFC900] Reynolds, J., and J. Postel, "Assigned numbers", RFC 900, [RFC900] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 900,
June 1984. DOI 10.17487/RFC0900, June 1984,
<http://www.rfc-editor.org/info/rfc900>.
[RFC959] Postel, J., and J. Reynolds, "FILE TRANSFER PROTOCOL [RFC959] Postel, J. and J. Reynolds, "File Transfer Protocol", STD
(FTP)", RFC 959, October 1985. 9, RFC 959, DOI 10.17487/RFC0959, October 1985,
<http://www.rfc-editor.org/info/rfc959>.
[RFC1122] Braden, B. (Ed.), "Requirements for Internet Hosts -- [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers", RFC 1122, October 1989. Communication Layers", STD 3, RFC 1122,
DOI 10.17487/RFC1122, October 1989,
<http://www.rfc-editor.org/info/rfc1122>.
[RFC1340] Reynolds, J., and J. Postel, "Assigned numbers", RFC 1340, [RFC1340] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1340,
July 1992. DOI 10.17487/RFC1340, July 1992,
<http://www.rfc-editor.org/info/rfc1340>.
[RFC1700] Reynolds, J., and J. Postel, "Assigned numbers", RFC 1700, [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700,
October 1994. DOI 10.17487/RFC1700, October 1994,
<http://www.rfc-editor.org/info/rfc1700>.
[RFC1812] Baker, F. (Ed.), "Requirements for IP Version 4 Routers", [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers",
RFC 1812, June 1995. RFC 1812, DOI 10.17487/RFC1812, June 1995,
<http://www.rfc-editor.org/info/rfc1812>.
[RFC1833] Srinivasan, R., "Binding Protocols for ONC RPC Version 2", [RFC1833] Srinivasan, R., "Binding Protocols for ONC RPC Version 2",
RFC 1833, August 1995. RFC 1833, DOI 10.17487/RFC1833, August 1995,
<http://www.rfc-editor.org/info/rfc1833>.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC
2595, June 1999. 2595, DOI 10.17487/RFC2595, June 1999,
<http://www.rfc-editor.org/info/rfc2595>.
[RFC2644] Senie, D., "Changing the Default for Directed Broadcasts [RFC2644] Senie, D., "Changing the Default for Directed Broadcasts
in Routers", RFC 2644, August 1999. in Routers", BCP 34, RFC 2644, DOI 10.17487/RFC2644,
August 1999, <http://www.rfc-editor.org/info/rfc2644>.
[RFC2817] Khare, R., and S. Lawrence, "Upgrading to TLS Within [RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within
HTTP/1.1", RFC 2817, May 2000. HTTP/1.1", RFC 2817, DOI 10.17487/RFC2817, May 2000,
<http://www.rfc-editor.org/info/rfc2817>.
[RFC3232] Reynolds, J. (Ed.), "Assigned Numbers: RFC 1700 is [RFC3232] Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced
Replaced by an On-line Database", RFC 3232, January 2002. by an On-line Database", RFC 3232, DOI 10.17487/RFC3232,
January 2002, <http://www.rfc-editor.org/info/rfc3232>.
[RFC3261] Rosenberg, J., H. Schulzrinne, G. Camarillo, A. Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
J. Peterson, R. Sparks, M. Handley, and E. Schooler, "SIP: A., Peterson, J., Sparks, R., Handley, M., and E.
Session Initiation Protocol", RFC 3261, June 2002. Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002,
<http://www.rfc-editor.org/info/rfc3261>.
[RFC4301] Kent, S., and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005. Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <http://www.rfc-editor.org/info/rfc4301>.
[RFC4340] Kohler, E., M. Handley, and S. Floyd, "Datagram Congestion [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Control Protocol (DCCP)", RFC 4340, March 2006. Congestion Control Protocol (DCCP)", RFC 4340,
DOI 10.17487/RFC4340, March 2006,
<http://www.rfc-editor.org/info/rfc4340>.
[RFC4960] Stewart, R. (Ed.), "Stream Control Transmission Protocol", [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol",
RFC 4960, September 2007. RFC 4960, DOI 10.17487/RFC4960, September 2007,
<http://www.rfc-editor.org/info/rfc4960>.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
(ICE): A Protocol for Network Address Translator (NAT) IANA Considerations Section in RFCs", BCP 26, RFC 5226,
Traversal for Offer/Answer Protocols", RFC 5245, April DOI 10.17487/RFC5226, May 2008,
2010. <http://www.rfc-editor.org/info/rfc5226>.
[RFC5389] Rosenberg, J., R. Mahy, P. Matthews, and D. Wing, "Session [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
Traversal Utilities for NAT", RFC 5389, October 2008. (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
DOI 10.17487/RFC5245, April 2010,
<http://www.rfc-editor.org/info/rfc5245>.
[RFC5766] Mahy, R., P. Matthews, and J. Rosenberg, "Traversal Using [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
Relays around NAT (TURN): Relay Extensions to Session "Session Traversal Utilities for NAT (STUN)", RFC 5389,
Traversal Utilities for NAT (STUN)", RFC 5766, April 2010. DOI 10.17487/RFC5389, October 2008,
<http://www.rfc-editor.org/info/rfc5389>.
[RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
Extensions: Extension Definitions", RFC 6066, January Relays around NAT (TURN): Relay Extensions to Session
2011. Traversal Utilities for NAT (STUN)", RFC 5766,
DOI 10.17487/RFC5766, April 2010,
<http://www.rfc-editor.org/info/rfc5766>.
[RFC6762] Cheshire, S., and M. Krochmal, "Multicast DNS", RFC 6762, [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS)
February 2013. Extensions: Extension Definitions", RFC 6066,
DOI 10.17487/RFC6066, January 2011,
<http://www.rfc-editor.org/info/rfc6066>.
[RFC6763] Cheshire, S., and M. Krochmal, "DNS-Based Service [RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
Discovery", RFC 6763, February 2013. DOI 10.17487/RFC6762, February 2013,
<http://www.rfc-editor.org/info/rfc6762>.
[RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Points", BCP 100, RFC 7120, January 2014. Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<http://www.rfc-editor.org/info/rfc6763>.
[RFC7230] Fielding, R., (Ed.), and J. Reshke, (Ed.), "Hypertext [RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code
Transfer Protocol (HTTP/1.1): Message Syntax and Routing", Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, January
RFC 7230, June 2014. 2014, <http://www.rfc-editor.org/info/rfc7120>.
11. Acknowledgments [RFC7230] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext
Transfer Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>.
This work benefitted from the feedback from David Black, Lars Acknowledgments
Eggert, Gorry Fairhurst, and Eliot Lear, as well as discussions of
the IETF TSVWG WG.
This document was prepared using 2-Word-v2.0.template.dot. This work benefited from the feedback from David Black, Lars Eggert,
Gorry Fairhurst, and Eliot Lear, as well as discussions of the IETF
TSVWG WG.
Authors' Addresses This document was initially prepared using 2-Word-v2.0.template.dot.
Author's Address
Joe Touch Joe Touch
USC/ISI USC/ISI
4676 Admiralty Way 4676 Admiralty Way
Marina del Rey, CA 90292-6695 Marina del Rey, CA 90292-6695
U.S.A. United States
Phone: +1 (310) 448-9151 Phone: +1 (310) 448-9151
EMail: touch@isi.edu Email: touch@isi.edu
 End of changes. 221 change blocks. 
601 lines changed or deleted 651 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/