Hi all,

I'm writing just to summarise this thread and check a consensus has been reached.

On 25/11/15 11:13, Paul Millar wrote:
> I was wondering whether people have considered services running on a
> port other than port 443; in particular, ports greater than 1024.

The decision is not to support unprivileged ports (>= 1024) because of two factors:

  1.    ACME wishes to support deployments where untrusted
        users have (non-root) access to the same machine that
        provides a trusted service.

  2.    There is no supported mechanism for a CA to issue a
        certificate that is bound to a specific port.

Removing either of these points would allow (in principle) ACME to support issuing certificates to services running on unprivileged ports.

Is that a fair summary?

Cheers,

Paul.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
