[cabfpub] BR Authorized Ports, add 8443

Phillip philliph at comodo.com
Fri Mar 2 05:33:54 UTC 2018

Service Name and Transport Protocol Port Number Registry



Speedguide has no authority and I for one had never heard of it. IANA is the source.



IF we were to consider an alternative port then it should be advertised by means of a DNS SRV record. But that does not seem necessary.



From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Thursday, March 1, 2018 11:18 AM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] BR Authorized Ports, add 8443


This was intentional and keeps the port numbers within the standard set of 'authorized' ports (in the notion of unix systems) - ports <1024 requiring privileged access.


This is generally true (but not explicitly) on other systems.


Given that WoSign/WoTrus's past issuance systems allowed unprivileged users to obtain certificates through the use of high port numbers (in this case, for STUN/TURN services and SSH), I do not think it particularly wise or encouraging to consider this.


On Thu, Mar 1, 2018 at 10:51 AM, Ben Wilson via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:

Forwarding from Richard Wang:

The current BRs say:

Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 (smtp), 22 (ssh).

But many internal networks use the port 8443, broadly used in Apache server, today, one of our customers uses this port and can't change to use another port, I wish you can help to add this port 8443 to be allowed in the BRs, thanks.

https://www.speedguide.net/port.php?port=8443,  it says "8443 is the Common alternative HTTPS port."


Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180302/a1908e5e/attachment-0003.html>

More information about the Public mailing list