Salz, Rich <[email protected]> wrote: > Since WebPKI CA’s will not be able to issue TLS-Client certificates, > what are the customers and CAs thinking of doing?
You say this as if it's a new thing :-)
Is it the "change" that certificates obtained for code signing or email use
will have the tls-kp-clientAuth EKU ommitted?
> Replies to be will be summarized to both lists. Please be careful if
> you use reply-all.
1. This assumes the RP are checking EKU.
2. I think 94% of usage of mTLS is via private PKI for the client side.
It would be nice to find a way to resurrect subordinate enterprise PKI.
I have some ideas, but I don't work for a WebPKI.
(Change that if you like)
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
