Re: [Acme] Server on >= 1024 port

2015-11-25 Thread moparisthebest
Hello all, On 11/25/2015 05:13 AM, Paul Millar wrote: > I was wondering whether people have considered services running on > a port other than port 443; in particular, ports greater than > 1024. I'm also somewhat concerned about this, I've read statements like this when talking about port 443:

Re: [Acme] Server on >= 1024 port

2015-11-25 Thread Eric Rescorla
On Wed, Nov 25, 2015 at 9:14 AM, moparisthebest wrote: > Hello all, > > On 11/25/2015 05:13 AM, Paul Millar wrote: > > I was wondering whether people have considered services running on > > a port other than port 443; in particular, ports greater than > > 1024. > > I'm

Re: [Acme] Server on >= 1024 port

2015-11-25 Thread Martin Thomson
On 25 November 2015 at 02:13, Paul Millar wrote: > Therefore, there seems no reason to limit ACME to the traditionally secure > port number. I would be OK with having an ACME server validate against any port, but only if it were going to issue a certificate with a

Re: [Acme] Issue: Allow ports other than 443

2015-11-25 Thread Peter Eckersley
The argument for a scan is not that it will be comprehensive. There's a huge amount of software out there that has started using various ports in standard and non-standard ways; the more software happens to use a given port, the more risk of remote attacks on ACME DV via quirks or bugs in that

Re: [Acme] Issue: Allow ports other than 443

2015-11-25 Thread Phillip Hallam-Baker
I am getting really nervous about allowing any port other than 443. I just did a scan of a very recent clean install of Windows and there are a *TON* of Web servers running for apps that didn't mention they had one. The thing is that if I am running a process on any sort of shared host, I can

Re: [Acme] Issue: Allow ports other than 443

2015-11-25 Thread Niklas Keller
It's an issue with shared hosting where users have shell access but no root access. 2015-11-24 17:49 GMT+01:00 Eliot Lear : > Yes, thanks, Yoav. Apologies to Randy and Kathleen for my terseness. > > Eliot > > > On 11/24/15 5:46 PM, Yoav Nir wrote: > > I think Eliot meant RFC

Re: [Acme] Server on >= 1024 port

2015-11-25 Thread Roland Zink
On 25.11.2015 at 18:28, moparisthebest wrote: A domain validated certificate doesn't and never has said "This entire machine is controlled solely by the domains specified in this certificate", instead it says "This particular service/port on this server is authorized by this domain to provide

[Acme] Server on >= 1024 port

2015-11-25 Thread Paul Millar
Hi, [apologies if this question duplicates the earlier thread "Issue: Allow ports other than 443"] I was wondering whether people have considered services running on a port other than port 443; in particular, ports greater than 1024. One particular use-case is that some services run on a