Re: [Acme] Server on >= 1024 port
Ted Hardie <ted.ietf@gmail.com> Wed, 02 December 2015 17:57 UTC
To: "Salz, Rich" <rsalz@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/zxmlgF3BQLrIXFlpACbZOybLWpk>
Cc: Richard Barnes <rlb@ipv.sx>, Paul Millar <paul.millar@desy.de>, "acme@ietf.org" <acme@ietf.org>, Niklas Keller <me@kelunik.com>, Yoav Nir <ynir.ietf@gmail.com>

On Wed, Dec 2, 2015 at 8:52 AM, Salz, Rich <rsalz@akamai.com> wrote:

> > Otherwise there's no difference between 443 and any other privileged port.
>
> What's a privileged port? :) Clearly it's a local construct, at best.

Under the name "system port" or "well-known port", it's been defined in IANA-related RFCs for a long time; the current one is RFC 6335/BCP 165. The baseline expectation is that both a local system administrator and remote parties know what service is running on a specific well-known port because the port number is conventionally bound to that service. If you are the administrator, you can, of course, ignore the convention.

Speaking personally, I think the bar we're aiming for is that any challenge should demonstrate effective control of the system currently bound to the DNS name at issue or effective control of the DNS. Dynamic ports clearly don't do that, and not all system ports do either (the experimental ports clearly wouldn't). To get agreement that a specific challenge does do that, we kind of have to have it written down and poked at; trying to reason about the set in the abstract doesn't appear to me to be worth it.

No hats,

Ted