> But I have to say, the core problem this proposal
> faces would seem to be lack of demand on the part of folks who
> consume client certificates.
Agreed. In our experience, client certs are deployed from an enterprise PKI,
and the receiving consumers assume valid issuance. I'm not aware o
Hi Ryan,
Thanks for answering my question in a lot of detail. I asked this
question in the context of a private PKI for client certificates. You
can assume a scenario where the client certificates are issued to
users/devices in an organization from a self service portal by the
organization's existi
Hi Melinda and Rich,
Thanks for your comments, I agree that there is not much demand from
the enterprise PKI but with the rise of IOT devices and automatic
enrollment for client certificates, a need for some auditing of all
the issued client certificates is becoming more important. Managing
large se
> faces would seem to be lack of demand on the part of folks who consume
> client certificates.
> I'm not aware of any of our customers (the few that use client certs) who
> also use a public CA, or even more than one.
With the relatively slow adoption of the EU's eIDAS legislation and thus
national P
On Mon, May 10, 2021 at 9:43 AM Mohit Sahni wrote:
> Hi Ryan,
> Thanks for answering my question in a lot of detail. I asked this
> question in the context of a private PKI for client certificates. You
> can assume a scenario where the client certificates are issued to
> users/devices in an organ
Mechanically on the TLS side, we already aligned the client and server
certificate flows in TLS 1.3. TLS 1.3 already
allows signed_certificate_timestamp in the CertificateRequest message. So
basically what you said in Approach 1, except there's no need for the
server to condition the CertificateReq
On Mon, May 10, 2021 at 8:41 AM Ryan Sleevi wrote:
>
>
>
> On Mon, May 10, 2021 at 9:43 AM Mohit Sahni wrote:
>>
>> Hi Ryan,
>> Thanks for answering my question in a lot of detail. I asked this
>> question in the context of a private PKI for client certificates. You
>> can assume a scenario where
On Mon, May 10, 2021 at 3:23 PM Mohit Sahni wrote:
> On Mon, May 10, 2021 at 8:41 AM Ryan Sleevi
> wrote:
> >
> >
> >
> > On Mon, May 10, 2021 at 9:43 AM Mohit Sahni
> > wrote:
> >>
> >> Hi Ryan,
> >> Thanks for answering my question in a lot of detail. I asked this
> >> question in the context o
On Mon, May 10, 2021 at 1:14 PM Ryan Sleevi wrote:
>
>
>
> On Mon, May 10, 2021 at 3:23 PM Mohit Sahni wrote:
>>
>> On Mon, May 10, 2021 at 8:41 AM Ryan Sleevi wrote:
>> >
>> >
>> >
>> > On Mon, May 10, 2021 at 9:43 AM Mohit Sahni wrote:
>> >>
>> >> Hi Ryan,
>> >> Thanks for answering my questi