The problem is that the ACME server needs some sort of assurance that the client controls the server. Showing control over the server on port 443 is probably the best signal possible.
Showing control over a server on ports < 1024 might be OK. Some operating systems require additional privileges to serve on those ports. That said, it's not universal, though I'm not sure whether it matters for those cases where <1024 is available without access controls.

Could we ask IANA for a reserved system port (<1024)? Then it would be possible for an ACME client to operate without disturbing running services.

On 23 November 2015 at 08:55, Russ Housley <[email protected]> wrote:
> Allowing the Web server to continue running on 443 while validation takes
> place on another port seems like a straightforward resolution to the issue
> that is raised.
>
> Russ
>
>
> On Nov 21, 2015, at 1:03 PM, Salz, Rich wrote:
>
>> Please see here for the background:
>> https://github.com/ietf-wg-acme/acme/issues/4
>>
>> But discuss this on the mailing list.
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
