|
|
|
|
|
|
by throw0101a
133 days ago
|
|
|
> That's not allowed. According to Google. Why do they get to dictate this? Per the current (2.2.2) CAB requirements [1], ยง7.1.2.10.6, "CA Certificate Extended Key Usage": id-kp-clientAuth is a MAY. If I was (say) Let's Encrypt I would (optionally?) allow it and dare Google/Chrome to remove my root certificate. Letting bullies get away with this kind of non-sense only encourages them. [1] https://cabforum.org/working-groups/server/baseline-requirem... |
|
|