nanog mailing list archives

Re: Massive change in Public Cert behaviour coming soon


From: Tom Beecher via NANOG <nanog () lists nanog org>
Date: Thu, 22 May 2025 14:27:35 -0400


> Google and Letsencrypt, as discussed in the message which started this
> thread.


So let me get this straight.

1. You have just spent multiple days arguing that EKU options in X.509
certificates are not something that should be used at all because (in your
view) it is an authorization function. Even in your last message you say
this:

> The CA should be authenticating my
> identity, not "helping" make authorization decisions.


2. LetsEncrypt is making a change to REMOVE one of the possible EKU
options, that you believe shouldn't be used in the first place.

3. You interpret this as having something 'imposed' on you.

On Thu, May 22, 2025 at 2:09 PM William Herrin <bill () herrin us> wrote:

> On Thu, May 22, 2025 at 10:44 AM Tom Beecher <beecher () beecher cc> wrote:
>>> While I /might/ want to do that I definitely don't
>>> want it imposed on me from on high.
>>
>> It's **YOUR** certificate that **YOU** are creating.  The EKU is NOT
>> mandatory to have present.
>>
>> Who is "imposing" something on you?
>
> Google and Letsencrypt, as discussed in the message which started this
> thread.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> bill () herrin us
> https://bill.herrin.us/
