[cabfpub] BR Authorized Ports, add 8443

Ryan Sleevi sleevi at google.com
Thu Mar 1 16:18:24 UTC 2018

This was intentional and keeps the port numbers within the standard set of
'authorized' ports (in the notion of unix systems) - ports <1024 requiring
privileged access.

This is generally true (but not explicitly) on other systems.

Given that WoSign/WoTrus's past issuance systems allowed unprivileged users
to obtain certificates through the use of high port numbers (in this case,
for STUN/TURN services and SSH), I do not think it particularly wise or
encouraging to consider this.

On Thu, Mar 1, 2018 at 10:51 AM, Ben Wilson via Public <public at cabforum.org>

> Forwarding from Richard Wang:
> The current BRs say:
> Authorized Ports: One of the following ports: 80 (http), 443 (http), 25
> (smtp), 22 (ssh).
> But many internal networks use the port 8443, broadly used in Apache
> server, today, one of our customers uses this port and can't change to use
> another port, I wish you can help to add this port 8443 to be allowed in
> the BRs, thanks.
> https://www.speedguide.net/port.php?port=8443,  it says "8443 is the
> Common alternative HTTPS port."
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180301/d98ea518/attachment-0003.html>

More information about the Public mailing list