On 17 May 2025 16:30:09 UTC, Grant Taylor via mailop <mailop@mailop.org> 
wrote:

>> I am more interested in "which problem will that solve?" (if any)
>
>I suspect it's probably rooted in reducing code / attack surface for code paths 
>that aren't needed by their primary line of business (TLS for /servers/) or 
>their primary client application (web-browser; read: TLS client).

IMO, the interesting part of it is that the baseline profile mentions
clientAuth in server's certificate as valid (MAY). Are Google not
participating in that document? Or someone (once again) forgot
that the Internet is not only about web browsers? Or they just do not
care?

I ignored these baseline rules for years (I am not a public CA nor
a crypto dev), but this forced me today to read them (and confirm
that my knowledge is more or less right).

BTW, I am not directly affected, as I use private CAs for clients
(where needed), but I see this change as a very bad direction.
And LE reacts as a good slave (I understand that LE is in a bad
position in this, but...)

regards


-- 
Slavko
https://www.slavino.sk/