> One of the hard requirements for our deployment was that the same
certificate be useable with DCs and without. A different EKU would be
more problematic then an extension for this purposeThat's a good point, and I accept Ryan's comments about EKU deployment. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
