nanog mailing list archives

Re: Massive change in Public Cert behaviour coming soon


From: Crist Clark via NANOG <nanog () lists nanog org>
Date: Thu, 22 May 2025 22:26:30 -0700

It’s not really the CAs driving this. It’s the Google Trusted Root Program.
The CAs want their roots trusted by Chrome.

This article has a little more background on it.

https://www.ssl.com/blogs/removal-of-the-client-authentication-eku-from-tls-server-certificates-what-you-need-to-know/amp/



On Thu, May 22, 2025 at 10:54 AM Eliot Lear via NANOG <nanog () lists nanog org>
wrote:


On 22.05.2025 19:44, Tom Beecher via NANOG wrote:
While I /might/ want to do that I definitely don't
want it imposed on me from on high.

It's **YOUR** certificate that **YOU** are creating.  The EKU is NOT
mandatory to have present.

Who is "imposing" something on you?

The CA.

Eliot



On Thu, May 22, 2025 at 12:29 PM William Herrin via NANOG <
nanog () lists nanog org> wrote:

On Tue, May 20, 2025 at 8:10 AM Jay Acuna via NANOG
<nanog () lists nanog org> wrote:
One of the things a user /might/ want to do is have multiple
Public/Secret keypairs, and compartmentalize your keys.

Hi Jay,

I /might/ want to do that, but it's still a mishmash of authentication
and authorization. While I /might/ want to do that I definitely don't
want it imposed on me from on high. The CA should be authenticating my
identity, not "helping" make authorization decisions.

Regards,
Bill Herrin


--
William Herrin
bill () herrin us
https://bill.herrin.us/
_______________________________________________
NANOG mailing list


https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ZCBG6UNGPY33PWNZUWWOQFO4ARHKBQHE/