On Wed, Apr 22, 2015 at 9:51 PM, Phillip Hallam-Baker ph...@hallambaker.com
wrote:
I think this discussion is getting way too deep into the weeds of
policy. That isn't a concern IETF has generally taken a definitive
stand on. If it had there would not have been the need to set up
CABForum
On 22 April 2015 at 19:33, Peter Eckersley p...@eff.org wrote:
Perhaps those policies can be stored out of band, or perhaps we can add
a separate REST API endpoint where clients ask what ports the server
considers acceptable for DV Challenges.
Or just pick port 100 (or another that isn't
On 22 Apr 2015, at 15:10, Richard Barnes r...@ipv.sx wrote:
On Tue, Apr 21, 2015 at 10:53 PM, Bruce Gaya g...@apple.com wrote:
On 21 Apr 2015, at 18:23, Salz, Rich rs...@akamai.com wrote:
I understand that you want it to “just work” (you said that a couple of times
:), but other folks have raised security concerns – do you understand or agree
with them?
One way forward is to say a client MAY specify a port, where the default is
443. An ACME server MAY reject requests for ports
On Tue, Apr 21, 2015 at 07:53:25PM -0700, Bruce Gaya wrote:
The policy of Let's Encrypt Certificate Authority, however, is
very important! I also would very much like that CA to allow
client-defined callback ports below 1024.
That level of diligence would finally expose the security of