> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of Nick
> Lamb via dev-security-policy
> Sent: Tuesday, February 14, 2017 12:14 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Intermediates Supporting Many EE Certs
> On Tuesday, 14 February 2017 13:47:51 UTC, Steve Medin  wrote:
> > -          PKCS#7 chains are indeed not a requirement, but see point 1. It’s
> probably no coincidence that IIS supports it given awareness of the demands
> placed on enterprise IT admins.
> Not once have I thought "This would be easier with PKCS#7". Literally I've
> never even had to walk a user through how to make a PKCS#7 file, because it
> never comes up. In addition to PEM they've needed JKS and PKCS#12 and ZIP
> files but never PKCS#7.

But Nick, you carry PKI around in your back pocket. Any of us reading this know 
JKS, CAPI, apache mod-ssl directives and prefer a manifest of separate files.

I mention P7 because IIS inhales them in one click and ensures that the 
intermediate gets installed. There is an audience that likes that. In my last 
version, my enrollment portal asked for server type at request time and 
delivered target-friendly files on fulfillment with a link to other formats at 
a download center.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to