> On 21 Apr 2015, at 18:23, Salz, Rich <[email protected]> wrote:
>
> I understand that you want it to “just work” (you said that a couple of times
> :), but other folks have raised security concerns – do you understand or
> agree with them?
I agree that client access to ports below 1024 usually requires more privileges and that’s generally safer than allowing any client port.

> One way forward is to say a client MAY specify a port, where the default is
> 443. An ACME server MAY reject requests for ports other than 443 if it is in
> violation of the operating policy.

That would work. The policy of the Let’s Encrypt Certificate Authority, however, is very important! I also would very much like that CA to allow client-defined callback ports below 1024.

Bruce
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
