On 26/11/15 11:35, Stephen Farrell wrote:
On 26/11/15 11:32, Rob Stradling wrote:
On 26/11/15 11:20, Yoav Nir wrote:
<snip>
Another thing is that I don’t get why some CAs have the web *client*
authentication EKU thrown in there.
Because a sufficiently large number of customers asked for it. :-)
AIUI the use case is server-to-server comms, where server A acts as a
TLS client and server B requires TLS client auth. Server A also acts as
a TLS server and its operator doesn't want to have to manage 2 different
certs.
Yep. I also want that. Not needed everywhere but it's good to have.
Yes, it's not needed everywhere, but for the sake of simplicity it's
easier to just include it by default.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
