Is 443/UDP a valid enough port for proof of domain?

It won't be used by a real CA, so this is mostly theoretical lawyering.

The BRs' definition of authorized ports only talks about port numbers,

Authorized Ports: One of the following ports: 80 (http), 443 (http), 25 (smtp), 22 (ssh).

while the protocols it mentions all use TCP by default, TCP and UDP ports are both assigned to the same protocols.

Also, TLS (as in RFC 4366) requires a specific protocol, and there is a well-defined implementation (DTLS) that uses TLS over UDP, like OpenVPN. Would using the 3.2.2.4.10 TLS Using a Random Number challenge over 443/udp be legal?

3 Likes

I'm guessing not, because the uses of Authorized Port in the BRs require

accessible by the CA via TLS over an Authorized Port

accessible by the CA via HTTP/HTTPS over an Authorized Port

You can't run TLS over UDP (that would be DTLS instead), and you similarly can't run HTTP directly over UDP. Well, I guess HTTP/3 uses UDP...

So maybe with HTTP/3 or the prior HTTP-over-QUIC.

5 Likes
