> AFAIK Apple and Mozilla also don't have a specific "trust bit" for Client > Authentication. Only Microsoft does.
FWIW, Apple does indeed have a specific trust bit for id-kp-clientAuth EKU and allows for (and ships) dedicated clientAuth Root CAs in the Apple Root Program (as outlined in 2.1.3 of the ARP Policy).
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
