[Servercert-wg] [External Sender] Discussion about single-purpose client authentication leaf certificates issued from a server TLS Issuing CA
Clint Wilson
clintw at apple.com
Thu May 16 19:29:07 UTC 2024
> AFAIK Apple and Mozilla also don't have a specific "trust bit" for Client Authentication. Only Microsoft does.
FWIW, Apple does indeed have a specific trust bit for id-kp-clientAuth EKU and allows for (and ships) dedicated clientAuth Root CAs in the Apple Root Program (as outlined in 2.1.3 of the ARP Policy).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240516/4c4ec737/attachment.p7s>
More information about the Servercert-wg
mailing list