Checking the IANA site, it say: pcsync-https
8443 tcp PC sync HTTPS And checking the Tomcat Apache website: https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html <!-- Define a HTTP/1.1 Connector on port 8443, JSSE BIO implementation --> <Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" .../> 8443 is popular used in Apache if you have setup the Apache server. This is NO any relationship with WoSign high port numbers problem. Best Regards, Richard From: Public [mailto:[email protected]] On Behalf Of Phillip via Public Sent: Friday, March 2, 2018 1:34 PM To: 'Ryan Sleevi' <[email protected]>; 'CA/Browser Forum Public Discussion List' <[email protected]>; 'Ben Wilson' <[email protected]> Subject: Re: [cabfpub] BR Authorized Ports, add 8443 Service Name and Transport Protocol Port Number Registry https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml Speedguide has no authority and I for one had never heard of it. IANA is the source. IF we were to consider an alternative port then it should be advertised by means of a DNS SRV record. But that does not seem necessary. From: Public [mailto:[email protected]] On Behalf Of Ryan Sleevi via Public Sent: Thursday, March 1, 2018 11:18 AM To: Ben Wilson <[email protected]<mailto:[email protected]>>; CA/Browser Forum Public Discussion List <[email protected]<mailto:[email protected]>> Subject: Re: [cabfpub] BR Authorized Ports, add 8443 This was intentional and keeps the port numbers within the standard set of 'authorized' ports (in the notion of unix systems) - ports <1024 requiring privileged access. This is generally true (but not explicitly) on other systems. Given that WoSign/WoTrus's past issuance systems allowed unprivileged users to obtain certificates through the use of high port numbers (in this case, for STUN/TURN services and SSH), I do not think it particularly wise or encouraging to consider this. On Thu, Mar 1, 2018 at 10:51 AM, Ben Wilson via Public <[email protected]<mailto:[email protected]>> wrote: Forwarding from Richard Wang: The current BRs say: Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 (smtp), 22 (ssh). But many internal networks use the port 8443, broadly used in Apache server, today, one of our customers uses this port and can't change to use another port, I wish you can help to add this port 8443 to be allowed in the BRs, thanks. https://www.speedguide.net/port.php?port=8443, it says "8443 is the Common alternative HTTPS port." _______________________________________________ Public mailing list [email protected]<mailto:[email protected]> https://cabforum.org/mailman/listinfo/public
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
