> -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of Nick > Lamb via dev-security-policy > Sent: Monday, February 13, 2017 6:37 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Intermediates Supporting Many EE Certs > > On Monday, 13 February 2017 22:40:45 UTC, Steve Medin wrote: > > With de facto use of AIA, there is no issuer installation on the server that > could be improper. Proper is defined at the moment, either by cache or > discovery hints. > > Much as I should like ubiquitous ambient Internet to be a ground truth, the > reality is that clients connecting to a TLS server today don't necessarily have > access in order to resolve URLs baked into AIA. Indeed in many cases > (including for products sold by your own company, Symantec) the whole > reason the client is talking to this particular server is in order to get access > _to_ the Internet.
Locally resolved on access points, gateways and egress inspection devices by full chain installation, not the problem I'm working.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy