On Monday, 13 February 2017 16:18:46 UTC, Steve Medin wrote:
> Getting all user agents with interest in issuance limits to implement the CA 
> Issuers form of AIA for dynamic path discovery and educating server operators 
> to get out of the practice of static chain installation on servers would make 
> CA rollovers fairly fluid and less subject to operator error of failing to 
> install the proper intermediate.

Rather than teaching the User Agents about AIA path discovery, surely if you're 
concerned about operator error it makes more sense to teach the Servers about 
AIA instead? I don't know if any TLS Server vendors read m.d.s.policy (they 
probably should) but I'd suggest they're the best people to reach out to.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
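
What server-side AIA chain completion could look like, as an added Go example that is not part of the original thread or any vendor's code: the server follows the CA Issuers URL in each certificate's AIA extension, accepts a fetched certificate only if it actually signed the one below it, and stops at the self-signed root. The helper names (`completeChain`, `issue`), the certificate names, the URLs and the in-memory `fetch` standing in for HTTP are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// completeChain follows caIssuers AIA URLs upward from leaf (depth-bounded) and returns
// leaf plus intermediates; the self-signed root is omitted because clients already hold it.
func completeChain(leaf *x509.Certificate, fetch func(url string) []byte) ([]*x509.Certificate, error) {
	chain := []*x509.Certificate{leaf}
	for cur := leaf; len(cur.IssuingCertificateURL) > 0 && len(chain) < 8; cur = chain[len(chain)-1] {
		issuer, err := x509.ParseCertificate(fetch(cur.IssuingCertificateURL[0])) // untrusted input
		if err != nil || cur.CheckSignatureFrom(issuer) != nil {
			return nil, fmt.Errorf("no valid issuer for %q via AIA", cur.Subject.CommonName)
		}
		if string(issuer.RawSubject) == string(issuer.RawIssuer) {
			break // reached a self-signed root: nothing more to send
		}
		chain = append(chain, issuer)
	}
	return chain, nil
}

// issue creates a constructed test certificate; a nil parent means self-signed.
func issue(cn string, aia []string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: ca,
		BasicConstraintsValid: true, IssuingCertificateURL: aia, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() { // constructed root -> intermediate -> leaf; names and URLs are made up
	root, rk := issue("Test Root", nil, true, nil, nil)
	mid, mk := issue("Test Intermediate", []string{"http://ca.test/root.cer"}, true, root, rk)
	leaf, _ := issue("www.test", []string{"http://ca.test/mid.cer"}, false, mid, mk)
	store := map[string][]byte{"http://ca.test/root.cer": root.Raw, "http://ca.test/mid.cer": mid.Raw}
	chain, err := completeChain(leaf, func(u string) []byte { return store[u] })
	fmt.Println(len(chain), err)
}
```

The signature check only proves linkage between the fetched certificates; whether the chain is trusted is still decided by the client against its own root store.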