On Fri, Dec 02, 2022 at 07:22:45PM -0500, Daniel Migault wrote:
> adding dns-privacy to the thread.
> Yours,
> Daniel
>
> On Fri, Dec 2, 2022 at 4:35 PM Michael Richardson <[email protected]>
> wrote:
>
> > https://www.ietf.org/rfc/rfc9103.html#name-mutual-tls tells me how I
> > could use mutual TLS to authenticate (and I think, authorize) a zone
> > transfer.
> >
> > What it does not tell me is whether there should be any Extended Key
> > Usage bits set on the certificates. Are the WebServer/WebClient
> > required? forbidden? tolerated?

Extended Key Usage is not required. However, if Extended Key Usage is
present, on the side with the TLS client role, id-kp-clientAuth is required,
and on the side with the TLS server role, id-kp-serverAuth is required.

-Ilari
