> Because using a client-defined port for callbacks does not have the
> requirement you just mentioned, that leads to simpler ACME client design.
It's a trade-off. On many common server systems, being able to manipulate what's on 443 requires more privileges, and therefore is a stronger answer about "ownership" than, say, standing up some little scripting language server on port 55530.

Having validation rely not just on the domain, but on the 443, seems like a good thing.

--
Senior Architect, Akamai Technologies
IM: [email protected] Twitter: RichSalz
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
