On Wed, Dec 2, 2015 at 5:11 PM, Peter Eckersley <[email protected]> wrote:
> On Wed, Dec 02, 2015 at 02:06:03PM -0800, Peter Eckersley wrote: > > On Wed, Dec 02, 2015 at 12:01:04PM -0500, Phillip Hallam-Baker wrote: > > > > > > Again, I think you are missing the real problem here. Let us say we > have a > > > new protocol to run over port 666 that is actually a Web service under > the > > > covers. > > > > > > Hosting provider has a host that supports the following Web Sites that > > > belong to different parties: > > > > > > example.com > > > malicious.com > > > > > > The hosting provider allows any form of executable to run on the host > > > (10.6.6.6) that does not interfere with apache which has 80 & 443 > reserved. > > > [This is typical] > > > > Are there any typical hosting environments in which such executables can > > bind to port 666, while being unable to tear down and replace the > > service that's bound of 443? What are they? > > (And perhaps you were arguing elsewhere in this thread that .Net Core + > Raspberry Pi devices might be an example of this, but it would be an > interesting and surprising fact if ASP could bind :666 on such devices, > but not bind or reconfigure the server on :443) The issue is that in a multi hosting environment, port 443 is managed by the system and a hosted Web service can only bind to a specific port/hostname combination as a result. The hosted service gets a *share* of port 443 while on any other port it gets the raw TCP/IP stream.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
