> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of Nick
> Lamb via dev-security-policy
> Sent: Monday, February 13, 2017 6:37 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Intermediates Supporting Many EE Certs
> On Monday, 13 February 2017 22:40:45 UTC, Steve Medin  wrote:
> > With de facto use of AIA, there is no issuer installation on the server
> could be improper. Proper is defined at the moment, either by cache or
> discovery hints.
> Much as I should like ubiquitous ambient Internet to be a ground truth,
> reality is that clients connecting to a TLS server today don't necessarily
> access in order to resolve URLs baked into AIA. Indeed in many cases
> (including for products sold by your own company, Symantec) the whole
> reason the client is talking to this particular server is in order to get
> _to_ the Internet.

Locally resolved on access points, gateways and egress inspection devices by
full chain installation, not the problem I'm working.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to