On Sat, 17 May 2025, Jaroslaw Rafa via mailop wrote:
> On 18.05.2025 at 00:06:33, Viktor Dukhovni via mailop wrote:
> > Regardless, while I the case for CAs to not issue combo
> > client/server certificates is not absolutely compelling,
> > trusting public-CA-issued client certs is ill-advised.
>
> Of course if I would implement cert auth, I would prefer to issue
> certificates to my users by my own CA; but if the public-issued cert
> would contain a *validated* email address as the subject, what
> speaks against using it for authentication as this (and only this)
> email user?

How would the public CA know which user on your domain actually sent
the request? Validation proves the domain but trusts that the domain
is honest about the localpart.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk