[cabfpub] "Authorized Port"

Gervase Markham gerv at mozilla.org
Fri Sep 4 08:34:16 UTC 2015

On 03/09/15 18:06, Ben Wilson wrote:
> The Validation Working Group is considering amendments to the domain
> validation processes.  Two of those processes use the concept of an
> “authorized port” in order to limit the threat of approvals occurring
> through ports that are not “well-known”. 

Why would one want to permit approvals for an SSL certificate through a
port which was well-known for not being SSL?

Is this because of STARTTLS and equivalents?

I also agree with Ryan that control of any port over 1024 should not be
considered to be the same as control of the server or the FQDN which
points to it.


More information about the Public mailing list