Not necessarily. One could use client certificates to ensure that only authorized clients (e.g. a laptop with the client certificate in its key store) can access some resource.

On Tue, Apr 18, 2023 at 5:07 PM Soni L. <fakedme+...@gmail.com> wrote:

> So like a "client" cert is just a way to say "yes I'm really
> example.org" yeah?
>
> That seems particularly useful for federated networks (XMPP, etc). Why
> not call these server-to-server certs?
>
> On 4/18/23 20:45, Peter Gutmann wrote:
> > Richard Barnes <r...@ipv.sx> writes:
> >
> > >Let's Encrypt issues roughly 3 million publicly trusted certificates per day
> > >that contain the client authentication EKU
> >
> > But they just set that by default for every cert they issue so it's pretty
> > much meaningless. There are public CAs that set keyAgreement for RSA certs,
> > and emailProtection for TLS server certs, doesn't mean any of them ever get
> > used for that.
> >
> > (My more snarky response would have been that I should have asked that the
> > IETF define a peaceOnEarth EKU so Let's Encrypt could set that as well :-).
> >
> > Peter.
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls