On 26/11/15 11:20, Yoav Nir wrote:
<snip>
Another thing is that I don’t get why some CAs have the web *client*
authentication EKU thrown in there.
Because a sufficiently large number of customers asked for it. :-)
AIUI the use case is server-to-server comms, where server A acts as a
TLS client and server B requires TLS client auth. Server A also acts as
a TLS server and its operator doesn't want to have to manage 2 different
certs.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
