[cabfpub] "Authorized Port"

Ben Wilson ben.wilson at digicert.com
Fri Sep 4 15:03:00 UTC 2015

This is good discussion.  Let's keep it up.  We need more people to chime in.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Friday, September 4, 2015 2:34 AM
To: Ben Wilson <ben.wilson at digicert.com>; CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] "Authorized Port"

On 03/09/15 18:06, Ben Wilson wrote:
> The Validation Working Group is considering amendments to the domain 
> validation processes.  Two of those processes use the concept of an 
> “authorized port” in order to limit the threat of approvals occurring 
> through ports that are not “well-known”.

Why would one want to permit approvals for an SSL certificate through a port which was well-known for not being SSL?

Is this because of STARTTLS and equivalents?

I also agree with Ryan that control of any port over 1024 should not be considered to be the same as control of the server or the FQDN which points to it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150904/7ad68e10/attachment-0001.p7s>

More information about the Public mailing list