Re: [Acme] Server on >= 1024 port

Peter Eckersley <pde@eff.org> Wed, 02 December 2015 22:06 UTC

To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/3239diWQJuGEnyrvmP8Vmo-WDZI>
Cc: Richard Barnes <rlb@ipv.sx>, Paul Millar <paul.millar@desy.de>, "acme@ietf.org" <acme@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>

On Wed, Dec 02, 2015 at 12:01:04PM -0500, Phillip Hallam-Baker wrote:
> 
> Again, I think you are missing the real problem here. Let us say we have a
> new protocol to run over port 666 that is actually a Web service under the
> covers.
> 
> Hosting provider has a host that supports the following Web Sites that
> belong to different parties:
> 
> example.com
> malicious.com
> 
> The hosting provider allows any form of executable to run on the host
> (10.6.6.6) that does not interfere with apache which has 80 & 443 reserved.
> [This is typical]

Are there any typical hosting environments in which such executables can
bind to port 666, while being unable to tear down and replace the
service that's bound to 443?  What are they?

-- 
Peter Eckersley                            pde@eff.org
Chief Computer Scientist          Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993