Richard Barnes <[email protected]> writes: >Let's Encrypt issues roughly 3 million publicly trusted certificates per day >that contain the client authentication EKU
But they just set that by default for every cert they issue so it's pretty much meaningless. There are public CAs that set keyAgreement for RSA certs, and emailProtection for TLS server certs, doesn't mean any of them ever get used for that. (My more snarky response would have been that I should have asked that the IETF define a peaceOnEarth EKU so Let's Encrypt could set that as well :-). Peter. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
