Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Peter Gutmann via dev-security-policy
Jakob Bohm via dev-security-policy writes: >Unfortunately, for these not-quite-web-server things (printers, routers >etc.), automating use of the current ACME Let's encrypt protocol with or >without hardcoding the Let's Encrypt URL is a non-starter for

Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Nick Lamb via dev-security-policy
On Tuesday, 14 February 2017 17:55:18 UTC, Jakob Bohm wrote: > Unfortunately, for these not-quite-web-server things (printers, routers > etc.), automating use of the current ACME Let's encrypt protocol with > or without hardcoding the Let's Encrypt URL is a non-starter for anyone > using these

Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Ryan Sleevi via dev-security-policy
On Tue, Feb 14, 2017 at 10:13 AM, Steve Medin via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > I mention P7 because IIS inhales them in one click and ensures that the > intermediate gets installed. Yes, but that's not because of PKCS#7, as I tried to explain and

RE: Intermediates Supporting Many EE Certs

2017-02-14 Thread Steve Medin via dev-security-policy
> -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of Nick > Lamb via dev-security-policy > Sent: Tuesday, February 14, 2017 12:14 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject:

Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Jakob Bohm via dev-security-policy
On 14/02/2017 18:14, Nick Lamb wrote: On Tuesday, 14 February 2017 13:47:51 UTC, Steve Medin wrote: - PKCS#7 chains are indeed not a requirement, but see point 1. It’s probably no coincidence that IIS supports it given awareness of the demands placed on enterprise IT admins. I

Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Nick Lamb via dev-security-policy
On Tuesday, 14 February 2017 13:47:51 UTC, Steve Medin wrote: > - PKCS#7 chains are indeed not a requirement, but see point 1. It’s > probably no coincidence that IIS supports it given awareness of the demands > placed on enterprise IT admins. I don't see how PKCS#7 offers any

Re: Intermediates Supporting Many EE Certs

2017-02-14 Thread Ryan Sleevi via dev-security-policy
On Tue, Feb 14, 2017 at 5:47 AM, Steve Medin via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > - The caching I’m talking about is not header directives, I mean > how CAPI and NSS retain discovered path for the life of the intermediate. > One fetch, per person,

RE: Suspicious test.com Cert Issued By GlobalSign

2017-02-14 Thread Doug Beattie via dev-security-policy
Company Foo was a GlobalSign "test" account which we set up to verify proper issuance. > -Original Message- > From: Gervase Markham [mailto:g...@mozilla.org] > Sent: Monday, February 13, 2017 8:57 AM > To: Doug Beattie ; mozilla-dev-security- >

RE: Intermediates Supporting Many EE Certs

2017-02-14 Thread Steve Medin via dev-security-policy
Top comments for readability. - IT professionals, server administrators, are humans, often overworked, who need care, assistance, and attention. In my past version, I offered helpdesk to helpdesk support and lost business that demanded helpdesk to end user server admin. -

RE: Intermediates Supporting Many EE Certs

2017-02-14 Thread Steve Medin via dev-security-policy
> -Original Message- > From: dev-security-policy [mailto:dev-security-policy- > bounces+steve_medin=symantec@lists.mozilla.org] On Behalf Of Nick > Lamb via dev-security-policy > Sent: Monday, February 13, 2017 6:37 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: