Just FYI, Apple responds to my concerns: > After examining your report we do not see any actual security implications. > Mac OS X can locate missing intermediate certificates by finding them in a > keychain or by using the "CA Issuers" field of the "Certificate Authority > Information Access" extension in the certificate. One of these will succeed > because your certificate does have the "CA Issuers" field. Once the > intermediate has been found, a complete certificate chain can be built and > Mail will accept the certificate as valid.
And, yes, that field really specifies the missing piece in the chain as a URI to the PEM-encoded intermediate certificate. So that's okay then. And really, quite cool. :-) Cheers, Sabahattin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
