On 26/11/15 11:37, Stephen Farrell wrote: <snip>
True. A port-specific cert would only work with updated browsers which I guess is a fairly fatal objection to the idea. Ah well.
Is it worth considering requiring proof of control of (some particular combination of) _multiple_ ports rather than just a single port? Would that strengthen the validation in any meaningful way?
-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
