On Wed, Dec 2, 2015 at 6:07 PM, James Cloos <[email protected]> wrote: >>>>>> "RB" == Richard Barnes <[email protected]> writes: > > RB> If you look at what CAs do today, that basically means the port is > RB> 80/443. More generally, it means that the port needs to be specified > RB> by the challenge mechanism and not by the client. > > What CAs do any kind of challenge over anything other than smtp?
Let's Encrypt and WoSign spring immediately to mind. They both do web-based validation. SSLMate also supports HTTP-based validation, and their certs are issued by real CAs. So it's out there. --Richard > Tcp port numbers have no significance to "control of a domain". > > Or "control of a hostname", since the certs are issued for hostnames and > not for domain names. > > -JimC > -- > James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
