Re: [Acme] Issue: Allow ports other than 443

Randy Bush <randy@psg.com> Tue, 24 November 2015 07:40 UTC

Date: Tue, 24 Nov 2015 08:40:32 +0100
Message-ID: <m2fuzvq1zj.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/y75JLcgTMYn-yxgHCz85YqL-Rhg>
Cc: IETF ACME <acme@ietf.org>
List-Id: Automated Certificate Management Environment <acme.ietf.org>

>> which is easier, going through kink on 443 or getting the IT security
>> team to punch a hole for <iana-assigned-acme>?
> Would it help if you could choose the option that sucked least for
> your particular situation?  That was what I was thinking.

yes, it would help

i admit to thinking of it as turning off a magic feature that wants to
get you in trouble with IT security.  we're talking about the kind of
folk who scan all internal address space and whack you if you have an
ssh port that allows password based access (i actually appreciate this
one).

randy