Re: [FORGED] Re: [FORGED] Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-07 Thread Peter Gutmann via dev-security-policy
Paul Wouters via dev-security-policy writes:
> I'm not sure how that is helpful for those crypto libraries who mistakenly
> believe a certificate is a TLS certificate and thus if the EKU is not empty
> it should have serverAuth or clientAuth.
Sure, it wouldn't help with current libraries that

Re: [FORGED] Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-07 Thread Sándor dr. Szőke via dev-security-policy
On Thursday, 6 December 2018, 23:31:42 UTC+1, Peter Gutmann wrote:
> 
> So just to make sure I've got this right, implementations are needing to add
> dummy TLS EKUs to non-TLS certs in order for them to "work"? In that case why
> not add a signalling EKU or policy value, a

Re: [FORGED] Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-07 Thread Paul Wouters via dev-security-policy
On Thu, 6 Dec 2018, Peter Gutmann via dev-security-policy wrote: Paul Wouters via dev-security-policy writes: Usually X509 is validated using standard libraries that only think of the TLS usage. So most certificates for VPN usage still add EKUs like serverAuth or clientAuth, or there will

Re: [FORGED] Re: Incident report - Misissuance of CISCO VPN server certificates by Microsec

2018-12-06 Thread Peter Gutmann via dev-security-policy
Paul Wouters via dev-security-policy writes:
> Usually X509 is validated using standard libraries that only think of the TLS
> usage. So most certificates for VPN usage still add EKUs like serverAuth or
> clientAuth, or there will be interop problems.
So just to make sure I've got this right,