On 03/12/15 00:48, Niklas Keller wrote:
> Let's Encrypt is still a future CA, not a current one.
Nope, it's not a future CA, it's a current one. It already issues
trusted certificates.
https://crt.sh/?Identity=%25=7395
--
Rob Stradling
Senior Research & Development Scientist
COMODO -
Ted Hardie wrote:
> There was discussion about registering a port specifically for ACME
> challenges, so that a running server on 80/443 did not have to be
> changed during the challenge. That would be a privileged port, and
> we could define the semantics for the challenges there to be similar
>
> On 2 Dec 2015, at 11:52 AM, Paul Millar wrote:
>
> Hi all,
>
> I'm writing just to summarise this thread and check a consensus has been
> reached.
>
> On 25/11/15 11:13, Paul Millar wrote:
>> I was wondering whether people have considered services running on a
>> port
On Wed, Dec 2, 2015 at 12:52 PM, Romain Fliedel wrote:
> So we might have a record of the form:
>>
>> example.com CAA 0 acmedv1 "port=666"
>>
>>
> If you have to modify the dns to use a custom port, why not use the dns
> validation method ? (once it's available)
>
On Wed, Dec 2, 2015 at 1:09 PM, Romain Fliedel wrote:
>
>
> 2015-12-02 18:57 GMT+01:00 Phillip Hallam-Baker:
>
>>
>>
>> On Wed, Dec 2, 2015 at 12:52 PM, Romain Fliedel wrote:
>>
>>> So we might have a record of the
On Wed, Dec 02, 2015 at 08:51:54AM -0800, Ted Hardie wrote:
>
> There was discussion about registering a port specifically for ACME
> challenges, so that a running server on 80/443 did not have to be changed
> during the challenge. That would be a privileged port, and we could
> define the
On Wed, Dec 02, 2015 at 12:01:04PM -0500, Phillip Hallam-Baker wrote:
>
> Again, I think you are missing the real problem here. Let us say we have a
> new protocol to run over port 666 that is actually a Web service under the
> covers.
>
> Hosting provider has a host that supports the following
On Wed, Dec 2, 2015 at 4:52 AM, Paul Millar wrote:
> Hi all,
>
> I'm writing just to summarise this thread and check a consensus has been
> reached.
>
> On 25/11/15 11:13, Paul Millar wrote:
>
>> I was wondering whether people have considered services running on a
>> port
> On 26 Nov 2015, at 11:49 AM, Paul Millar wrote:
>
> On 25/11/15 19:22, Roland Zink wrote:
>> The resolution of a certificate is the domain name, e.g. it is valid for
>> all services on the machine. If you get the certificate for a port then
>> you may misuse it to
> On 26 Nov 2015, at 1:16 PM, Randy Bush wrote:
>
>> The resolution of a certificate is the domain name, e.g. it is valid for
>> all services on the machine.
>
>X509v3 extensions:
>X509v3 Key Usage: critical
>Digital Signature, Key
On 26/11/15 11:20, Yoav Nir wrote:
> Another thing is that I don’t get why some CAs have the web *client*
> authentication EKU thrown in there.
Because a sufficiently large number of customers asked for it. :-)
AIUI the use case is server-to-server comms, where server A acts as a
TLS client
On 26/11/15 11:32, Rob Stradling wrote:
> On 26/11/15 11:20, Yoav Nir wrote:
>
>> Another thing is that I don’t get why some CAs have the web *client*
>> authentication EKU thrown in there.
>
> Because a sufficiently large number of customers asked for it. :-)
>
> AIUI the use case is
Hello all,
On 11/25/2015 05:13 AM, Paul Millar wrote:
> I was wondering whether people have considered services running on
> a port other than port 443; in particular, ports greater than
> 1024.
I'm also somewhat concerned about this, I've read statements like this
when talking about port 443:
On Wed, Nov 25, 2015 at 9:14 AM, moparisthebest wrote:
> Hello all,
>
> On 11/25/2015 05:13 AM, Paul Millar wrote:
> > I was wondering whether people have considered services running on
> > a port other than port 443; in particular, ports greater than
> > 1024.
>
> I'm
On 25 November 2015 at 02:13, Paul Millar wrote:
> Therefore, there seems no reason to limit ACME to the traditionally secure
> port number.
I would be OK with having an ACME server validate against any port,
but only if it were going to issue a certificate with a
On 25.11.2015 at 18:28, moparisthebest wrote:
> A domain validated certificate doesn't and never has said "This entire
> machine is controlled solely by the domains specified in this
> certificate", instead it says "This particular service/port on this
> server is authorized by this domain to provide
Hi,
[apologies if this question duplicates the earlier thread "Issue: Allow
ports other than 443"]
I was wondering whether people have considered services running on a
port other than port 443; in particular, ports greater than 1024.
One particular use-case is that some services run on a