On Mon, Nov 23, 2015 at 12:52 PM, Martin Thomson wrote:
> The problem is that the ACME server needs some sort of assurance
> that the client controls the server. Showing control over the server
> on port 443 is probably the best signal possible.
>
> Showing control
On 23 November 2015 at 10:09, Douglas Calvert wrote:
> How does showing control over port 443 convey more information than showing
> control over port 22, 80, 487, 1023?
Basic information theory:
p(control over 443) < p(control over any port under 1024) <
which is easier, going through kink on 443 or getting the IT security
team to punch a hole for ?
randy
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
+1 on both Rich's request and the IANA suggestion.
I think something that would help for this purpose would be an
Internet-wide zmap scan of some plausible ports, to ensure there isn't
anything in widespread use on them that could be a relevant attack
surface for the challenge protocols.
Anyone
>> which is easier, going through kink on 443 or getting the IT security
>> team to punch a hole for ?
> Would it help if you could choose the option that sucked least for
> your particular situation? That was what I was thinking.
yes, it would help
i admit to thinking of it as turning off a
Allowing the Web server to continue running on 443 while validation takes place
on another port seems like a straightforward resolution to the issue that is
raised.
Russ
On Nov 21, 2015, at 1:03 PM, Salz, Rich wrote:
> Please see here for the background:
>