Re: [Acme] Want client-defined callback port
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 23 April 2015 17:21 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/YEv8XA-lHTe5bHJFgAcZTus7lvs>
On Thu, Apr 23, 2015 at 01:01:53PM -0400, Phillip Hallam-Baker wrote:

> Another point to consider here is the framing of the problem. People
> are discussing this as validating a certificate request. I think that
> is the wrong way to look at it. What we are doing is to validate the
> holdership of a DNS name. Which is not the same thing. That may be a
> component of a certificate validation process but it is not
> necessarily one that would apply to every certificate issue.

Amen.

> But looking at where we are likely to go with ACME, I think we could
> make a good case for 443 validation only right now and punt on the
> question of seamless issue for protocols on ports other than 443 where
> there isn't a connection to the Web server.

Agreed, and as you note even 443 checks are really not the right
proof of "holdership". So there'll be more work to do to flesh out
the whole architecture.

--
Viktor.