There are a very limited number of port numbers, which are assigned by IANA for protocols recognized as viable, complying with current protocol design standards, and not already covered by existing Internet standards. For example, port 25 was assigned to the SMTP email protocol many years ago. This provides a standard port and reduces conflicts with other protocols. The technical review of the SixChat protocol was performed by Lars Eggert, the distinguished chair of the Internet Research Task Force.
The SixChat messaging protocol was created by Lawrence E. Hughes, co-founder and CTO of Sixscape Communications, for their SixChat Internet application software. The new protocol allows two SixChat User Agents to connect directly, perform mutual authentication with X.509 client digital certificates and then securely exchange a symmetric session key (for encryption of all content). SixChat uses the company’s Identity Registration Protocol (IANA assigned port 4604) for address registry and retrieval, as well as Public Key Infrastructure functions (to obtain and use client digital certificates).
End2End Direct messaging requires globally routable ("public") IP addresses for all nodes involved. It is incompatible with NAT (Network Address Translation). It can work within a private internet (a subset of the IPv4 Internet that uses a flat address space with no NAT), or between any two nodes on the public IPv6 Internet. NAT prevents incoming connections, so any user to user messaging must use intermediary servers.
End2End Direct Messaging has several advantages over indirect messaging via intermediary servers. End2End Direct traffic is highly decentralized, going only via the shortest network path between communicating parties. This makes it more difficult to intercept, monitor or block. Intermediary servers introduce reliability, salability and security issues. It is much easier to monitor or block network traffic that must go through a small number of "choke points".
It would be possible to use DNS for nodename resolution (mapping nodenames to IP addresses) for End2End Direct messaging, but DNS is increasingly insecure, has no per-user authentication for registration or updating, and takes a long time to propagate. It has no good way to publish X.509 client digital certificates for users, and can only publish the address of a given network node, not the node most recently used by a particular person. IRP provides a highly secure address registry with per-user authentication (usually using X.509 certificate based Strong Client Authentication). Registered information is immediately available. IP addresses of highly mobile nodes (e.g. smart phones) may change frequently as the connect to different WiFi access points. This does not work well in the DNS model.
The SixChat End2End Messaging protocol is a streaming protocol (tcp based, connection oriented). It cannot be secured with TLS, which is an inherently Client/Server technology. It provides mutual strong authentication using only X.509 client digital certificates (no server cert involved), and symmetric session key exchange (via public/private key encryption or Ephemeral Diffie Hellman Key Exchange). This handshake is based on the design of TLS, but is not Client/Server, rather between peers. Unlike TLS, it lies entirely within the Application Layer the protocol messages are based on XML.
Nodes supporting End2End Direct messaging are neither client nor server, but must be able to originate and accept network connections (hence have characteristics of both clients and servers). Such a node is called a "User Agent".
Related Research Articles
The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System has been an essential component of the functionality of the Internet since 1985.
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks, whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on the network, so they can communicate with other IP networks. A DHCP server enables computers to request IP addresses and networking parameters automatically from the Internet service provider (ISP), reducing the need for a network administrator or a user to manually assign IP addresses to all network devices. In the absence of a DHCP server, a computer or other device on the network needs to be manually assigned an IP address, or to assign itself an APIPA address, the latter of which will not enable it to communicate outside its local subnet.
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.
The Simple Mail Transfer Protocol (SMTP) is a communication protocol for electronic mail transmission. As an Internet standard, SMTP was first defined in 1982 by RFC 821, and updated in 2008 by RFC 5321 to Extended SMTP additions, which is the protocol variety in widespread use today. Mail servers and other message transfer agents use SMTP to send and receive mail messages. SMTP servers commonly use the Transmission Control Protocol on port number 25.
The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications. SIP is used for signaling and controlling multimedia communication sessions in applications of Internet telephony for voice and video calls, in private IP telephone systems, in instant messaging over Internet Protocol (IP) networks as well as mobile phone calling over LTE (VoLTE).
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
An email client, email reader or more formally mail user agent (MUA) is a computer program used to access and manage a user's email.
In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle (MITM) or person-in-the-middle (PITM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within the reception range of an unencrypted Wi-Fi access point could insert themselves as a man-in-the-middle.
Extensible Messaging and Presence Protocol (XMPP) is a communication protocol for message-oriented middleware based on XML. It enables the near-real-time exchange of structured yet extensible data between any two or more network entities. Originally named Jabber, the protocol was developed by the eponymous open-source community in 1999 for near real-time instant messaging (IM), presence information, and contact list maintenance. Designed to be extensible, the protocol has been used also for publish-subscribe systems, signalling for VoIP, video, file transfer, gaming, the Internet of Things (IoT) applications such as the smart grid, and social networking services.
In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner, and the digital signature of an entity that has verified the certificate's contents. If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.
The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) cryptographic authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
Virtual hosting is a method for hosting multiple domain names on a single server. This allows one server to share its resources, such as memory and processor cycles, without requiring all services provided to use the same host name. The term virtual hosting is usually used in reference to web servers but the principles do carry over to other Internet services.
A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.
FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.
Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs and a number of vendor specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.
strongSwan is a multiplatform IPsec implementation. The focus of the project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys and certificates on smartcards through a standardized PKCS#11 interface and on TPM 2.0.
In computer networking, a port is a communication endpoint. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is identified for each transport protocol and address combination by a 16-bit unsigned number, known as the port number. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
DNSCrypt is a network protocol that authenticates and encrypts Domain Name System (DNS) traffic between the user's computer and recursive name servers. It was originally designed by Frank Denis and Yecheng Fu.
The Internet Assigned Numbers Authority (IANA) officially assigned TCP port 4604 to the Identity Registration Protocol (IRP) created by Sixscape Communications, Pte. Ltd. The assignment was issued by IANA on 17 March 2014, and is listed in the official IANA resource registry.
This page is based on this Wikipedia article Text is available under the CC BY-SA 4.0 license; additional terms may apply. Images, videos and audio are available under their respective licenses.
