While I /might/ want to do that I definitely don't want it imposed on me from on high.
It's **YOUR** certificate that **YOU** are creating. The EKU is NOT mandatory to have present. Who is "imposing" something on you? On Thu, May 22, 2025 at 12:29 PM William Herrin via NANOG < nanog@lists.nanog.org> wrote:
On Tue, May 20, 2025 at 8:10 AM Jay Acuna via NANOG <nanog@lists.nanog.org> wrote:
One of the things a user /might/ want to do is have multiple Public/Secret keypairs, and compartmentalize your keys.
Hi Jay,
I /might/ want to do that, but it's still a mishmash of authentication and authorization,. While I /might/ want to do that I definitely don't want it imposed on me from on high. The CA should be authenticating my identity, not "helping" make authorization decisions.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/ _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/ZCBG6UNG...