Salz, Rich <[email protected]> writes: >Since WebPKI CA’s will not be able to issue TLS-Client certificates, what are >the customers and CAs thinking of doing?
Same as they've always done, which for the vast majority of all TLS users will be not bother with client certs. For the rest, typically siloed deployments using private-label CAs and/or ignoring eKU. And commenting on another part of the discussion about what is PKI: Non-web PKI isn't really PKI as such, specifically the I part, but a ticket-clipping service, you need to have a ticket visible on your dashboard that's been clipped by one of the Approved Authorities in order to participate in the system. Which may sound bad but actually isn't, it's a pretty effective access control mechanism, and certainly vastly more so than the web PKI. Peter. _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
