Google and Letsencrypt, as discussed in the message which started this thread.
So let me get this straight. 1. You have just spent multiple days arguing that EKU options in X.509 certificates is not something that should be used at all because (in your view) it is an authorization function. Even in your last message you say this : The CA should be authenticating my
identity, not "helping" make authorization decisions.
2. LetsEncrypt is making a change to REMOVE one of the possible EKU options, that you believe shouldn't be used in the first place. 3. You interpret this as having something 'imposed' on you. On Thu, May 22, 2025 at 2:09 PM William Herrin <bill@herrin.us> wrote:
On Thu, May 22, 2025 at 10:44 AM Tom Beecher <beecher@beecher.cc> wrote:
While I /might/ want to do that I definitely don't want it imposed on me from on high.
It's **YOUR** certificate that **YOU** are creating. The EKU is NOT mandatory to have present.
Who is "imposing" something on you?
Google and Letsencrypt, as discussed in the message which started this thread.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/