Very unrelated to WebPKI, but almost all 3GPP uses of TLS, DTLS, and QUIC are mutually authenticated and will continue to rely on TLS-Client certificates. 3GPP relies on the Internet PKI profile (RFC 5280) for everything including device certificates. I think the same applies to the other large use cases of mTLS in enterprise, government, and IoT.
I am worried about recent trends to use WebPKI for non-Web use cases. The WebPKI relies on hundreds of trusted roots, has quite weak security for issuance, does not do revocations, and now will not do client authentication. It is very unsuitable for most other use cases. Similarly, technologies and policies like transparency and short-term certificates might not be adding much for other applications.
Cheers,
John Preuß Mattsson
From: Salz, Rich <[email protected]>
Date: Monday, 23 March 2026 at 15:36
To: Tls <[email protected]>, [email protected] <[email protected]>
Subject: [TLS] TLS Client Certificates; a survey
Since WebPKI CAs will not be able to issue TLS-Client certificates, what are the customers and CAs thinking of doing? Replies to be will be summarized to both lists. Please be careful if you use reply-all.
