On 18.05.2025 at 00:06:33, Viktor Dukhovni via mailop wrote:
> > For email authentication (and that's what we are talking about), we should
> > treat them as the same.
>
> Use cases vary, sometimes client certs are used to authenticate a
> specific submission user, other times authorised client systems.
> Regardless, while the case for CAs to not issue combo client/server
> certificates is not absolutely compelling, trusting public-CA-issued
> client certs is ill-advised.

Of course if I would implement cert auth, I would prefer to issue
certificates to my users by my own CA; but if the public-issued cert would
contain a *validated* email address as the subject, what speaks against
using it for authentication as this (and only this) email user?

--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."