Re: [Acme] Issue: Allow ports other than 443

On Mon, Nov 23, 2015 at 12:52 PM, Martin Thomson wrote: > The problem is that it the ACME server needs some sort of assurance > that the client controls the server. Showing control over the server > on port 443 is probably the best signal possible. > > Showing control

Re: [Acme] Issue: Allow ports other than 443

On 23 November 2015 at 10:09, Douglas Calvert wrote: > How does showing control over port 443 convey more information than showing > control over port 22, 80, 487, 1023? Basic information theory: p(control over 443) < p(control over any port under 1024) <

Re: [Acme] Issue: Allow ports other than 443

which is easier, going through kink on 443 or getting the IT security team to punch a hole for ? randy ___ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme

Re: [Acme] Issue: Allow ports other than 443

+1 on both Rich's request and the IANA suggestion. I think something that would help for this purpose would be an Internet-wide zmap scan of some plausible ports, to ensure there isn't anything in widespread use on them that could be a relevant attack surface for the challenge protocols. Anyone

Re: [Acme] Issue: Allow ports other than 443

>> which is easier, going through kink on 443 or getting the IT security >> team to punch a hole for ? > Would it help if you could choose the option that sucked least for > your particular situation? That was what I was thinking. yes, it would help i admit to thinking of it as turning off a

Re: [Acme] Issue: Allow ports other than 443

Allowing the Web server to continue running on 443 while validation takes place on another port seems like a straightforward resolution to the issue that is raised. Russ On Nov 21, 2015, at 1:03 PM, Salz, Rich wrote: > Please see here for the background: >