+1 on both Rich's request and the IANA suggestion. I think something that would help for this purpose would be an Internet-wide zmap scan of some plausible ports, to ensure there isn't anything in widespread use on them that could be a relevant attack surface for the challenge protocols.
Anyone interested in volunteering to do some scans?

On Mon, Nov 23, 2015 at 09:52:07AM -0800, Martin Thomson wrote:
> Could we ask IANA for a reserved system port (<1024)? Then it would
> be possible for an ACME client to operate without disturbing running
> services.
>
> On 23 November 2015 at 08:55, Russ Housley <hous...@vigilsec.com> wrote:
> > Allowing the Web server to continue running on 443 while validation takes
> > place on another port seems like a straightforward resolution to the issue
> > that is raised.
> >
> > Russ
> >
> >
> > On Nov 21, 2015, at 1:03 PM, Salz, Rich wrote:
> >
> >> Please see here for the background:
> >> https://github.com/ietf-wg-acme/acme/issues/4
> >>
> >> But discuss this on the mailing list.
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme

--
Peter Eckersley                            p...@eff.org
Chief Computer Scientist          Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993