> On Apr 15, 2017, at 12:01 PM, Alice Wonder <[email protected]> wrote:
>
> When using a 2 x x DANE record for S/MIME - Do I need to then include
> the intermediary (and root?) certificate with the actual user's certificate,
> or is it possible to use something like authorityInfoAccess when generating
> the cert to specify where the intermediary certificate that matches the DANE
> record resides?
The user's signature needs to (and generally will) include all the certificates
up to and including the "2 x x" trust-anchor. To maximize the chance that this
will happen publish a "2 x x" for an intermediate, rather than a root
(self-signed)
CA.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
