When using a 2 x x DANE record for S/MIME - Do I need to then include
the intermediary (and root?) certificate with the actual user's
certificate, or is it possible to use something like authorityInfoAccess
when generating the cert to specify where the intermediary certificate
that matches the DANE record resides?
--
Sorry for the n00b like question, I'm probably still months away from
implementing, I have the scripts needed for the root and intermediaries
set up, but I need to finish carefully inspecting them find a good open
source OCSP responder because I believe that is necessary if an
intermediary fingerprint is put in DANE record instead of a self-signed.
This does however really excite me, wish we had DANE validation of
S/MIME when I first got into computing.
Thank you for your time,
Alice Wonder
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
