Hacker News
by thayne 134 days ago
So that argues against including CAs that don't issue server authentication certificates. That's somewhat reasonable, although it does put non-browser use cases in an awkward position, since there isn't currently a standard distribution channel for trusted CAs that is independent of browsers.

But prohibiting certs from being marked for client usage is mostly unrelated to that goal because:

1. There are many non-web use cases for certificates that are only used for server authentication. And

2. There are use cases where it makes sense to use the same certificate used for web PKI as a client with mTLS to another server using web PKI, especially for federated communication.
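The "marked for client usage" point in the comment above refers to the extendedKeyUsage extension: a leaf carries id-kp-serverAuth, id-kp-clientAuth, or both, and a TLS peer's chain verification checks that the role it needs is present. The following is an added Go example, not code from thayne's comment or from any root program's tooling. A constructed in-memory CA issues a leaf with the EKU set passed in, and Go's standard library verifies it once as a TLS server and once as an mTLS client. The CA name and the hostname federation.example.test are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type testPKI struct {
	caCert *x509.Certificate
	caKey  *ecdsa.PrivateKey
	roots  *x509.CertPool
}

// newTestCA builds a constructed self-signed CA with no EKU extension, i.e. unrestricted, like a public root.
func newTestCA() (*testPKI, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return &testPKI{caCert: cert, caKey: key, roots: roots}, nil
}

// issueLeaf issues a leaf for dnsName whose EKU extension lists exactly ekus.
func (p *testPKI) issueLeaf(dnsName string, ekus []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName}, // identity lives in the SAN, as on the web PKI
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  ekus,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, p.caCert, &key.PublicKey, p.caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyFor runs the chain check a TLS peer runs for one role: a server demands ClientAuth on a client's cert, a client demands ServerAuth.
func (p *testPKI) VerifyFor(leaf *x509.Certificate, usage x509.ExtKeyUsage) error {
	opts := x509.VerifyOptions{Roots: p.roots, KeyUsages: []x509.ExtKeyUsage{usage}}
	if usage == x509.ExtKeyUsageServerAuth {
		opts.DNSName = leaf.DNSNames[0] // hostname matching is part of the server role only
	}
	_, err := leaf.Verify(opts)
	return err
}

// CheckRoles issues a leaf carrying ekus from a fresh constructed CA and reports
// whether it verifies as a TLS server and as an mTLS client.
func CheckRoles(ekus []x509.ExtKeyUsage) (asServer, asClient bool, err error) {
	pki, err := newTestCA()
	if err != nil {
		return false, false, err
	}
	leaf, err := pki.issueLeaf("federation.example.test", ekus)
	if err != nil {
		return false, false, err
	}
	asServer = pki.VerifyFor(leaf, x509.ExtKeyUsageServerAuth) == nil
	asClient = pki.VerifyFor(leaf, x509.ExtKeyUsageClientAuth) == nil
	return asServer, asClient, nil
}

func main() {
	fmt.Println(CheckRoles([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}))
	fmt.Println(CheckRoles([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}))
}
```

The serverAuth-only leaf verifies in the server role but not in the client role; the leaf carrying both EKUs verifies in both. In Go the rejection surfaces as an x509.CertificateInvalidError whose Reason is x509.IncompatibleUsage, and crypto/tls servers doing mutual TLS apply exactly this ClientAuth check to the presented client certificate, so a leaf issued without id-kp-clientAuth fails the handshake before any application code sees it.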