Re: [Libvir] Register libvirtd ports with IANA ?

On Mon, Jun 18, 2007 at 12:09:33PM +0100, Richard W.M. Jones wrote: > Daniel P. Berrange wrote: >> For the libvirtd we currently use two ports >> >> 16509 - TCP unencrypted stream >> 16514 - TLS encrypted stream >> >> My first thought is that we should really use consequetive port numbers >> eg 16510 and 16511. > A few comments ... > > We don't need to use two ports if we either use a "STARTTLS"-style > upgrading of unencrypted to encrypted connections (which is the > recommended way to do things instead of using two ports), or more simply > we just ditch unencrypted connections. They're disabled by default > anyway and not in any way required unless we want libvirt to build > without GnuTLS. The TCP stuff would be useful if you made it listen on 127.0.0.1 and were using SSH to connect to libvirt remotely. So since the client sides has SSH tunnellin support we probably ought to keep the plain TCP server, since you don't want to be tunnelling TLS over SSH :-)