Re: [Acme] Want client-defined callback port
Martin Thomson <martin.thomson@gmail.com> Thu, 23 April 2015 00:23 UTC
On Apr 22, 2015 4:09 PM, "Ted Hardie" <ted.ietf@gmail.com> wrote:
>
> Forgive the top posting, but I want to be sure I understand something. If the client specifies a port that is below 1024 but canonically used for something else, what is the specified behavior? My reading of the thread so far is that the server would expect to run ACME over it, even if it were specified for, say, LDAP (389).
>
> Is that what folks expect?

Just to get this on the record, I think that we should have some advice that suggests a set of ports (other than 1024+) that are off-limits. I note that browsers are unwilling to connect to certain ports because of the concerns you allude to; we can recommend that the CA policy do the same (and be advised by the experience of browsers here). 389 is on that list, 25 probably too. I can try to find the list that Firefox uses if people think that is good advice to include.