Correcting a small error in the previous message:
> Date: Wed, 11 Oct 2023 18:47:02 +0000
> From: Taylor R Campbell <riastr...@netbsd.org>
>
> Note: The formal PKIX language has a way for a CA certificate to
> express that the CA it represents is authorized to sign certificates
> for TLS server authentication.

Actually, it can't even express that, as far as I know.

The certificate can say it is authorized to sign certificates (basic constraints: CA=TRUE, extended key usage: cert sign), or it is authorized to authenticate TLS servers (extended key usage: server auth). But it can't say it is authorized to sign certificates only for entities authorized to authenticate TLS servers.

That is, it can't be _restricted_ from doing that in the X.509 language, so _any_ CA can always sign certificates for _any_ purpose.