So like a "client" cert is just a way to say "yes I'm really
example.org" yeah?
That seems particularly useful for federated networks (XMPP, etc). Why
not call these server-to-server certs?
On 4/18/23 20:45, Peter Gutmann wrote:
> Richard Barnes <r...@ipv.sx> writes:
> >Let's Encrypt issues roughly 3 million publicly trusted certificates per day
> >that contain the client authentication EKU
> But they just set that by default for every cert they issue so it's pretty
> much meaningless. There are public CAs that set keyAgreement for RSA certs,
> and emailProtection for TLS server certs, doesn't mean any of them ever get
> used for that.
> (My more snarky response would have been that I should have asked that the
> IETF define a peaceOnEarth EKU so Let's Encrypt could set that as well :-).
> Peter.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls