> > Google and Letsencrypt, as discussed in the message which started this > thread.
So let me get this straight. 1. You have just spent multiple days arguing that EKU options in X.509 certificates is not something that should be used at all because (in your view) it is an authorization function. Even in your last message you say this : The CA should be authenticating my > identity, not "helping" make authorization decisions. 2. LetsEncrypt is making a change to REMOVE one of the possible EKU options, that you believe shouldn't be used in the first place. 3. You interpret this as having something 'imposed' on you. On Thu, May 22, 2025 at 2:09 PM William Herrin <[email protected]> wrote: > On Thu, May 22, 2025 at 10:44 AM Tom Beecher <[email protected]> wrote: > >> While I /might/ want to do that I definitely don't > >> want it imposed on me from on high. > > > > It's **YOUR** certificate that **YOU** are creating. The EKU is NOT > mandatory to have present. > > > > Who is "imposing" something on you? > > Google and Letsencrypt, as discussed in the message which started this > thread. > > Regards, > Bill Herrin > > > -- > William Herrin > [email protected] > https://bill.herrin.us/ > _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/BVJ5ODNISHT2SG3FYPDPCDYP4ETLTHQV/
