I have two concerns about this proposal.
First, there's a good chance that the vulnerability that caused SimpleHTTP to be
deprecated[1] would work. In short, if a multi-tenant hosting environment does
not set a default virtual host explicitly, commonly-used web server software
would pick the first
Hello,
This has been copied over from a github letsencrypt/acme-spec#242,
ietf-wg-acme/acme#215:
As you seem to be strongly concerned over adding the option to adding the
possibility to do the challange over alternate ports (some of which I are
valid, but all of which can be handled in a secure w
On 25/11/2016, Richard Barnes wrote:
> I do have merge privileges, and I merged it :)
Thanks, Richard :)
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme