> -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of Nick > Lamb via dev-security-policy > Sent: Tuesday, February 14, 2017 12:14 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Intermediates Supporting Many EE Certs > > On Tuesday, 14 February 2017 13:47:51 UTC, Steve Medin wrote: > > - PKCS#7 chains are indeed not a requirement, but see point 1. It’s > probably no coincidence that IIS supports it given awareness of the demands > placed on enterprise IT admins. > > > Not once have I thought "This would be easier with PKCS#7". Literally I've > never even had to walk a user through how to make a PKCS#7 file, because it > never comes up. In addition to PEM they've needed JKS and PKCS#12 and ZIP > files but never PKCS#7. >
But Nick, you carry PKI around in your back pocket. Any of us reading this know JKS, CAPI, apache mod-ssl directives and prefer a manifest of separate files. I mention P7 because IIS inhales them in one click and ensures that the intermediate gets installed. There is an audience that likes that. In my last version, my enrollment portal asked for server type at request time and delivered target-friendly files on fulfillment with a link to other formats at a download center.
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy