On Wed, Dec 02, 2015 at 08:51:54AM -0800, Ted Hardie wrote:
>
> There was discussion about registering a port specifically for ACME
> challenges, so that a running server on 80/443 did not have to be changed
> during the challenge. That would be a privileged port, and we could
> define the semantics for the challenges there to be similar to the 443
> challenge (essentially a TLS-based challenge on a different, well-known
> port).
>
> I did not see consensus for this approach, but I also didn't detect the
> same opposition to it that other approaches attracted. If folks are
> interested in supporting this approach, I'd suggest writing a draft
> which describes the challenge and proposes registration; that would give us
> a more concrete understanding of whether the effort to support this would
> be appropriate for the number of installations which would use it.

I'm at present quite supportive of this approach for adding a single
specific port <1024 that is supported for DV challenges, and I thought
that in fact past discussions on this list had reached that as a likely
conclusion.

Are there any strong arguments against having the protocol support this
use case for CAs that want to offer it?

--
Peter Eckersley [email protected]
Chief Computer Scientist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
