nanog mailing list archives

Re: Massive change in Public Cert behaviour coming soon


From: John Levine via NANOG <nanog () lists nanog org>
Date: 22 May 2025 15:58:19 -0400

It appears that Colin Constable via NANOG <nanog () lists nanog org> said:
> We use EKU to provide mTLS between components owned and run by other entities, it is not truly authentication, as we
> have other methods to do that but it does "keep the lumps out".

If the entities know who each other are, why do you and they need a public CA?

> 2) Create a shadow CA infra for non browser use cases - Which results in fragmented CA (yuck!)

It is my impression that the normal way to manage client certs is for the organization that
runs the servers to sign and distribute certs to the clients.  This isn't new.

R's,
John
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/UYNMKE57RUNMRGOVN6NA72HW5HOOGC3U/

