|
|
|
|
|
|
by throw0101a
131 days ago
|
|
|
>> [citation needed] > My citation is the membership of the CAB. It is a single member of the CAB that is insisting on changing the MAY to a MUST NOT for clientAuth. Why does that single member, Google-Chrome, get to dictate this? Has Mozilla insisted on changing the meaning of §1.3 to basically remove "other relying‐party software applications"? Apple-Safari? Or any other of the "Certificate Consumers": * https://cabforum.org/working-groups/server/#certificate-cons... The membership of CAB collectively agree to the requirements/restrictions they places on themselves, and those requirements (a) state both browser and non-browser use cases, and (b) explicitly allow clientAuth usage as a MAY; see §7.1.2.10.6, §7.1.2.7.10: * https://cabforum.org/working-groups/server/baseline-requirem... |
|
|