> On 2 Dec 2015, at 11:52 AM, Paul Millar <[email protected]> wrote:
>
> Hi all,
>
> I'm writing just to summarise this thread and check a consensus has been
> reached.
>
> On 25/11/15 11:13, Paul Millar wrote:
>> I was wondering whether people have considered services running on a
>> port other than port 443; in particular, ports greater than 1024.
>
> The decision is not to support unprivileged ports (>= 1024) because of two
> factors:
>
> 1. ACME wishes to support deployments where untrusted
>    users have (non-root) access to the same machine that
>    provides a trusted service.
>
> 2. There is no supported mechanism for a CA to issue a
>    certificate that is bound to a specific port.
>
> Removing either of these points would allow (in principle) ACME to support
> issuing certificates to services running on unprivileged ports.
>
> Is that a fair summary?

I think not. I think towards the end the discussion got to a point that we don’t think there is much difference between x>=1024 and x<1024 as long as x!=443. How particular operating systems authorize users to set up servers on different ports is not something we can make sweeping generalizations about. So I don’t think there is consensus to use any port other than 443 for validating certificates for HTTPS.

Yoav

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
