On Wed, Dec 2, 2015 at 6:12 PM, Richard Barnes <[email protected]> wrote: > On Wed, Dec 2, 2015 at 6:07 PM, James Cloos <[email protected]> wrote: > >>>>>> "RB" == Richard Barnes <[email protected]> writes: > > > > RB> If you look at what CAs do today, that basically means the port is > > RB> 80/443. More generally, it means that the port needs to be specified > > RB> by the challenge mechanism and not by the client. > > > > What CAs do any kind of challenge over anything other than smtp? > > Let's Encrypt and WoSign spring immediately to mind. They both do > web-based validation. > > SSLMate also supports HTTP-based validation, and their certs are > issued by real CAs. >
SSLMate also supports DNS-based validation (and since SSLMate is a downstream provider of multiple upstream CAs, such as Comodo, each upstream CA necessarily supports the same validation mechanism). -- Eric > So it's out there. > > --Richard > > > > Tcp port numbers have no significance to "control of a domain". > > > > Or "control of a hostname", since the certs are issued for hostnames and > > not for domain names. > > > > -JimC > > -- > > James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6 > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > -- konklone.com | @konklone <https://twitter.com/konklone>
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
