On 25 November 2015 at 02:13, Paul Millar <paul.mil...@desy.de> wrote:
> Therefore, there seems no reason to limit ACME to the traditionally secure
> port number.

I would be OK with having an ACME server validate against any port, but only if it were going to issue a certificate with a subjectAltName that references the port number in question. Otherwise, for the reason ekr noted, a user that happens to get shell access on a shared hosting environment could get certificates issued to them for the entire domain.

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme