IETF Logo Mail Archive

Re: [Acme] Server on >= 1024 port

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 03 December 2015 00:12 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68B8A1B2EAC for <acme@ietfa.amsl.com>; Wed, 2 Dec 2015 16:12:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32V-NNDWUHqD for <acme@ietfa.amsl.com>; Wed, 2 Dec 2015 16:12:00 -0800 (PST)
Received: from mail-lf0-x230.google.com (mail-lf0-x230.google.com [IPv6:2a00:1450:4010:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A01731B2EAB for <acme@ietf.org>; Wed, 2 Dec 2015 16:11:59 -0800 (PST)
Received: by lfdl133 with SMTP id l133so71765269lfd.2 for <acme@ietf.org>; Wed, 02 Dec 2015 16:11:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=St2vg9gfs/8A4Qu8GDO6iJ5iO1NYgRIo++s0fPJTfYQ=; b=WExovU86GJ/LMzikiG0izymz6k2mpcv7nIPcJRGl179lG+KD5g4ipWcv+ZNz+LdjdM 2235lV2Tog+aWCq+XxzmaBvIBx8cnfJCfELvO6crxHWbZM+2A4SFl95f5U+DUKMWxzXX zbX0zhLnakMOweUgp3MEJG5CJ0uxcfneTAPGzp+Iu6+6yoxo+7/9dh6Q0rMZII+YUSPu pMWA/BSR5uhAkAGLW8NLmCHGKVKJ2JnwyV5b0Nuq7bQ4zpS3mzJLf+gIh8BvRYVKGHQ+ dT1cMgMWZK/rad3rNkP49P5DIxvcw/Mh/uok32REnnqlblDKUbJ9YoBm1FJAf0PVOO8u /elg==
MIME-Version: 1.0
X-Received: by 10.112.182.8 with SMTP id ea8mr4310232lbc.114.1449101517773; Wed, 02 Dec 2015 16:11:57 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.1.227 with HTTP; Wed, 2 Dec 2015 16:11:57 -0800 (PST)
In-Reply-To: <20151202221153.GC18430@eff.org>
References: <565589E4.2030107@desy.de> <565EBF56.3070502@desy.de> <D836A378-DA88-4AAF-B1E4-F34A80319DC1@gmail.com> <e9092589f3204a449af8b6f900be1303@usma1ex-dag1mb1.msg.corp.akamai.com> <CAL02cgQPZrx5d1xO-xKEQrV+pZKLkhYW_XDSm=QM8THs__s5qQ@mail.gmail.com> <CAMm+LwiqfYH-Vt7L2OSyLTNWzPSYBO-qxhjHege2jFqOnPtxjQ@mail.gmail.com> <20151202220603.GB18430@eff.org> <20151202221153.GC18430@eff.org>
Date: Wed, 02 Dec 2015 19:11:57 -0500
X-Google-Sender-Auth: 0NikB_RLnqlwYo5yRdqeWCTUkMk
Message-ID: <CAMm+Lwi+8Gk5yeRatAZOEuAQRBhZ2tt5S5Okp3BadbCVGy1r3g@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Peter Eckersley <pde@eff.org>
Content-Type: multipart/alternative; boundary="001a11c3732035f7b00525f33d06"
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/oiuECjq_wi0jKRw58FFWUBFn_5Q>
Cc: Richard Barnes <rlb@ipv.sx>, Paul Millar <paul.millar@desy.de>, "acme@ietf.org" <acme@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
Subject: Re: [Acme] Server on >= 1024 port
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 00:12:01 -0000

On Wed, Dec 2, 2015 at 5:11 PM, Peter Eckersley <pde@eff.org> wrote:

> On Wed, Dec 02, 2015 at 02:06:03PM -0800, Peter Eckersley wrote:
> > On Wed, Dec 02, 2015 at 12:01:04PM -0500, Phillip Hallam-Baker wrote:
> > >
> > > Again, I think you are missing the real problem here. Let us say we
> have a
> > > new protocol to run over port 666 that is actually a Web service under
> the
> > > covers.
> > >
> > > Hosting provider has a host that supports the following Web Sites that
> > > belong to different parties:
> > >
> > > example.com
> > > malicious.com
> > >
> > > The hosting provider allows any form of executable to run on the host
> > > (10.6.6.6) that does not interfere with apache which has 80 & 443
> reserved.
> > > [This is typical]
> >
> > Are there any typical hosting environments in which such executables can
> > bind to port 666, while being unable to tear down and replace the
> > service that's bound of 443?  What are they?
>
> (And perhaps you were arguing elsewhere in this thread that .Net Core +
> Raspberry Pi devices might be an example of this, but it would be an
> interesting and surprising fact if ASP could bind :666 on such devices,
> but not bind or reconfigure the server on :443)


The issue is that in a multi hosting environment, port 443 is managed by
the system and a hosted  Web service can only bind to a specific
port/hostname combination as a result. The hosted service gets a *share* of
port 443 while on any other port it gets the raw TCP/IP stream.

v2.23.0 | Report a Bug | By Email