[Acme] Server on >= 1024 port

Paul Millar <paul.millar@desy.de> Wed, 25 November 2015 10:14 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/hwTG5NbL4Zt-rKDR7YLpYjqj5js>

Hi,

[apologies if this question duplicates the earlier thread "Issue: Allow 
ports other than 443"]

I was wondering whether people have considered services running on a 
port other than port 443; in particular, ports greater than 1024.

One particular use-case is that some services run on a higher port as 
they can (more easily) run as a non-root user, limiting the danger if the 
service is compromised.

As I understand it, Domain Validated certificates provide an assurance 
about the DNS name of the asserted identity.  They specifically make no 
claim about who is running the service.

Therefore, there seems to be no reason to limit ACME to the traditionally 
secure port number.

Cheers,

Paul.
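Added example (not from Paul's message or from any ACME implementation): what an unprivileged validation responder on a high port would actually have to serve, namely the http-01 key authorization (token '.' RFC 7638 thumbprint of the account key), next to a bind check that shows the privileged-port boundary the message refers to. The account JWK and token below are constructed sample values; a real client takes them from its account key and the challenge object.

```python
"""Key-authorization responder helpers for an ACME http-01 style challenge on an unprivileged port."""
import base64
import hashlib
import json
import socket

PRIVILEGED_PORT_MAX = 1023  # ports 0-1023 need root (or CAP_NET_BIND_SERVICE) on Unix


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Members that enter the RFC 7638 thumbprint, per key type; any other member (alg, use, kid) is ignored.
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, lexicographic order, no whitespace, SHA-256."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Body the responder serves for the challenge: token '.' thumbprint of the account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def port_is_privileged(port: int) -> bool:
    """True for ports a non-root process cannot bind. A higher port lets the responder run
    unprivileged, which limits damage if it is compromised; on a shared host, though, any
    local user can bind such a port, so the port alone says nothing about who controls the machine."""
    return 0 <= port <= PRIVILEGED_PORT_MAX


def try_bind(port: int, host: str = "127.0.0.1") -> str:
    """Report whether this process could bind the port: 'ok', 'permission-denied' or 'in-use'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
        except PermissionError:
            return "permission-denied"
        except OSError:
            return "in-use"
    return "ok"


if __name__ == "__main__":
    # Constructed sample account key (not a real key) and token.
    sample_jwk = {"kty": "RSA", "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB"}
    print(key_authorization("constructed-token", sample_jwk))
    for port in (443, 8443):
        print(port, "privileged" if port_is_privileged(port) else "unprivileged", try_bind(port))
```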