Re: [Acme] Server on >= 1024 port

Richard Barnes <rlb@ipv.sx> Wed, 02 December 2015 23:12 UTC

In-Reply-To: <m3si3kih5s.fsf@carbon.jhcloos.org>
References: <565589E4.2030107@desy.de> <565EBF56.3070502@desy.de> <D836A378-DA88-4AAF-B1E4-F34A80319DC1@gmail.com> <e9092589f3204a449af8b6f900be1303@usma1ex-dag1mb1.msg.corp.akamai.com> <CAL02cgQPZrx5d1xO-xKEQrV+pZKLkhYW_XDSm=QM8THs__s5qQ@mail.gmail.com> <m3si3kih5s.fsf@carbon.jhcloos.org>
Date: Wed, 02 Dec 2015 18:12:36 -0500
Message-ID: <CAL02cgTSXqK7sR_Lrfu94PTkqPZf1+ZOkBHrSgWCP05OwehVbQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: James Cloos <cloos@jhcloos.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/azTf6xNVgD7gK-xK521ianfNnqA>
Cc: Paul Millar <paul.millar@desy.de>, "Salz, Rich" <rsalz@akamai.com>, "acme@ietf.org" <acme@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [Acme] Server on >= 1024 port

On Wed, Dec 2, 2015 at 6:07 PM, James Cloos <cloos@jhcloos.com> wrote:
>>>>>> "RB" == Richard Barnes <rlb@ipv.sx> writes:
>
> RB> If you look at what CAs do today, that basically means the port is
> RB> 80/443.  More generally, it means that the port needs to be specified
> RB> by the challenge mechanism and not by the client.
>
> What CAs do any kind of challenge over anything other than smtp?

Let's Encrypt and WoSign spring immediately to mind.  They both do
web-based validation.

SSLMate also supports HTTP-based validation, and their certs are
issued by real CAs.

So it's out there.

--Richard


> TCP port numbers have no significance to "control of a domain".
>
> Or "control of a hostname", since the certs are issued for hostnames and
> not for domain names.
>
> -JimC
> --
> James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6
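As an added example (not code from this thread or from any ACME implementation), here is the CA-side check that the port argument above implies, in Python: the validation URL is built from a bare hostname on a port fixed by the challenge type, an identifier that smuggles in its own port, scheme or path is rejected, and the fetched body is compared against the expected key authorization. The `/.well-known/acme-challenge/` path and the `token.thumbprint` format are assumed from the later RFC 8555 HTTP-01 challenge; the JWK in the test is constructed.

```python
import base64
import hashlib
import hmac
import json
import re

# The port is fixed by the challenge type, never taken from the client: a user
# on a shared host can bind any port >= 1024 without controlling the hostname,
# so validation is only meaningful on a privileged port such as 80.
CHALLENGE_PORT = 80
WELL_KNOWN = "/.well-known/acme-challenge/"  # HTTP-01 path, assumed from RFC 8555

# Bare DNS name only: no scheme, userinfo, port or path.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$"
)

def validation_url(identifier: str, token: str) -> str:
    """Build the URL the CA fetches; the port is ours, not the requester's."""
    host = identifier.strip().lower()
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"identifier is not a bare hostname: {identifier!r}")
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token must contain only base64url characters")
    return f"http://{host}:{CHALLENGE_PORT}{WELL_KNOWN}{token}"

def accepts_identifier(identifier: str) -> bool:
    """True if the identifier would be accepted for validation."""
    try:
        validation_url(identifier, "token")
        return True
    except ValueError:
        return False

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over canonical JSON of the required members."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def key_authorization(token: str, account_jwk: dict) -> str:
    """What the account holder must publish: '<token>.<thumbprint>'."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def check_response(body: bytes, token: str, account_jwk: dict) -> bool:
    """Constant-time comparison of the fetched body with the expected value."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    return hmac.compare_digest(body.strip(), expected)
```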