On Wed, Nov 25, 2015 at 9:14 AM, moparisthebest <ad...@moparisthebest.com> wrote:
> Hello all,
>
> On 11/25/2015 05:13 AM, Paul Millar wrote:
> > I was wondering whether people have considered services running on
> > a port other than port 443; in particular, ports greater than
> > 1024.
>
> I'm also somewhat concerned about this, I've read statements like this
> when talking about port 443:
>
> > ACME server needs some sort of assurance that the client controls the server.
>
> But I don't really know why that is or should be the case at all?
> Certs aren't really issued to the machine, but rather to any service
> on any port. There are countless services that run over TLS, IRC
> generally on 6697/7000/9999, XMPP on 5223, imaps, smtps, pops etc etc etc.
>
> Why shouldn't the client simply be able to tell the ACME server what
> port to test, and the ACME server assume if the client has access to
> ANY port on the server then it should be able to host ANY TLS service
> on that server?
>

Because this doesn't match operational reality on a number of shared hosting systems.

-Ekr

> moparisthebest
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme