[cabf_validation] Authorized Port List

Doug Beattie doug.beattie at globalsign.com
Fri Aug 28 12:06:43 MST 2015 

Some CAs have very strict rules about where the random number can go and they request the customer to place it there.  If others put it anywhere, then I guess they will need to provide a long list like you did or recommend that we not restrict this to a specific set of ports.

Doug

From: Ben Wilson [mailto:ben.wilson at digicert.com]
Sent: Friday, August 28, 2015 2:45 PM
To: Doug Beattie <doug.beattie at globalsign.com>; validation at cabforum.org
Subject: RE: Authorized Port List

It's not about what CAs want.  It's about what a customer might want.
________________________________
From: Doug Beattie<mailto:doug.beattie at globalsign.com>
Sent: ‎8/‎28/‎2015 11:26 AM
To: Ben Wilson<mailto:ben.wilson at digicert.com>; validation at cabforum.org<mailto:validation at cabforum.org>
Subject: RE: Authorized Port List
Ben,

Do you think a CA needs to use all of these ports when attempting to validate a Random value in the .well-known directory on an Authorized Domain?  It seems unlikely Kerberos, sip and many others would be used for that purpose.

I suggest CAs add to the short list in Kirk’s proposal with ones they use and need to be present.  If others need to be added in the future that can be another ballot (i.e., start small and add as needed).

Doug

From: validation-bounces at cabforum.org<mailto:validation-bounces at cabforum.org> [mailto:validation-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Friday, August 28, 2015 2:11 PM
To: validation at cabforum.org<mailto:validation at cabforum.org>
Subject: [cabf_validation] Authorized Port List

What about this list as something to review?  It’s pulled from a review of this:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

22 (ssh), 25 (smtp), 80 (http), 109-110 (pop), 115 (sftp), 443 (https), 465 (smtps), 556 (rfs), 563 (nntps), 587 (smtp), 591 (filemaker), 593 (rpc-over-http), 636 (ldaps), 695 (ieee-mms-ssl), sip, 749-752 (kerberos), 898 (brocade-ssl), 901-904 (vmware), 911 (nca), 989-990 (ftps), 992 (telnets), 993 (imaps), 994 (ircs), 995 (pops), 1364 (ibm), 2083 (cpanel), 2087 (webhost), 2096 (cpanel), 5060-5061 (sip)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150828/333a2645/attachment.html

More information about the Validation mailing list