Re: [Acme] Server on >= 1024 port
moparisthebest <admin@moparisthebest.com> Wed, 25 November 2015 17:12 UTC
Return-Path: <admin@moparisthebest.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 460DF1A6F20 for <acme@ietfa.amsl.com>; Wed, 25 Nov 2015 09:12:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.699
X-Spam-Level:
X-Spam-Status: No, score=0.699 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v1srozUc8mMX for <acme@ietfa.amsl.com>; Wed, 25 Nov 2015 09:12:44 -0800 (PST)
Received: from mailer.moparscape.org (mailer.moparscape.org [144.76.72.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA14C1A6F1E for <acme@ietf.org>; Wed, 25 Nov 2015 09:12:43 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at burtrum.org
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=moparisthebest.com; s=2013; t=1448471558; bh=6ZhDK0A7vYXiw4Isc88LRrhz28BOtoMWkvb7fqWLYTw=; h=Subject:To:References:From:Date:In-Reply-To:From; b=PxTfejZLHSOzk8jT7R8uWbFgAghdOYCn7Ln4O3LD9EuxNkUpiFwQtiiaiAtituBfW MhABmtgnNVdnc6Jk35FkPESQdHwE7uG9OoEMdvDnxwX9fOOo8f6Y44kixnTYh0B8JE 4b1I4wptiabnvGN4jonbBwIhORNWLJmd+ufGp6sw=
To: acme@ietf.org
References: <565589E4.2030107@desy.de>
From: moparisthebest <admin@moparisthebest.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <5655EC72.7060300@moparisthebest.com>
Date: Wed, 25 Nov 2015 12:14:26 -0500
MIME-Version: 1.0
In-Reply-To: <565589E4.2030107@desy.de>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/w37jHiQmZE0QTL7n1jFfjHmwccA>
Subject: Re: [Acme] Server on >= 1024 port
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2015 17:12:45 -0000
Hello all, On 11/25/2015 05:13 AM, Paul Millar wrote: > I was wondering whether people have considered services running on > a port other than port 443; in particular, ports greater than > 1024. I'm also somewhat concerned about this, I've read statements like this when talking about port 443: > ACME server needs some sort of assurance that the client controls the server. But I don't really know why that is or should be the case at all? Certs aren't really issued to the machine, but rather to any service on any port. There are countless services that run over TLS, IRC generally on 6697/7000/9999, XMPP on 5223, imaps, smtps, pops etc etc etc. Why shouldn't the client simply be able to tell the ACME server what port to test, and the ACME server assume if the client has access to ANY port on the server then it should be able to host ANY TLS service on that server? Thanks, moparisthebest
- [Acme] Server on >= 1024 port Paul Millar
- Re: [Acme] Server on >= 1024 port moparisthebest
- Re: [Acme] Server on >= 1024 port Eric Rescorla
- Re: [Acme] Server on >= 1024 port moparisthebest
- Re: [Acme] Server on >= 1024 port Roland Zink
- Re: [Acme] Server on >= 1024 port Martin Thomson
- Re: [Acme] Server on >= 1024 port Paul Millar
- Re: [Acme] Server on >= 1024 port Randy Bush
- Re: [Acme] Server on >= 1024 port Yoav Nir
- Re: [Acme] Server on >= 1024 port Yoav Nir
- Re: [Acme] Server on >= 1024 port Rob Stradling
- Re: [Acme] Server on >= 1024 port Stephen Farrell
- Re: [Acme] Server on >= 1024 port Rob Stradling
- Re: [Acme] Server on >= 1024 port Paul Millar
- Re: [Acme] Server on >= 1024 port Phillip Hallam-Baker
- Re: [Acme] Server on >= 1024 port Yoav Nir
- Re: [Acme] Server on >= 1024 port Salz, Rich
- Re: [Acme] Server on >= 1024 port Richard Barnes
- Re: [Acme] Server on >= 1024 port Niklas Keller
- Re: [Acme] Server on >= 1024 port Ted Hardie
- Re: [Acme] Server on >= 1024 port Salz, Rich
- Re: [Acme] Server on >= 1024 port Phillip Hallam-Baker
- Re: [Acme] Server on >= 1024 port Phillip Hallam-Baker
- Re: [Acme] Server on >= 1024 port Romain Fliedel
- Re: [Acme] Server on >= 1024 port Ted Hardie
- Re: [Acme] Server on >= 1024 port Phillip Hallam-Baker
- Re: [Acme] Server on >= 1024 port Romain Fliedel
- Re: [Acme] Server on >= 1024 port Phillip Hallam-Baker
- Re: [Acme] Server on >= 1024 port Peter Eckersley
- Re: [Acme] Server on >= 1024 port Peter Eckersley
- Re: [Acme] Server on >= 1024 port Peter Eckersley
- Re: [Acme] Server on >= 1024 port James Cloos
- Re: [Acme] Server on >= 1024 port Richard Barnes
- Re: [Acme] Server on >= 1024 port Phillip Hallam-Baker
- Re: [Acme] Server on >= 1024 port Peter Eckersley
- Re: [Acme] Server on >= 1024 port James Cloos
- Re: [Acme] Server on >= 1024 port Eric Rescorla
- Re: [Acme] Server on >= 1024 port Niklas Keller
- Re: [Acme] Server on >= 1024 port Randy Bush
- Re: [Acme] Server on >= 1024 port Eric Mill
- Re: [Acme] Server on >= 1024 port Darren J Moffat
- Re: [Acme] Server on >= 1024 port Rob Stradling
- Re: [Acme] Server on >= 1024 port Ángel González
- Re: [Acme] Server on >= 1024 port Vincent Lynch