- From: nightpool <eg1290@gmail.com>
- Date: Tue, 8 Oct 2024 20:09:10 -0700
- To: Evan Prodromou <evan@prodromou.name>
- Cc: perillamint <perillamint@silicon.moe>, public-swicg@w3.org
Received on Wednesday, 9 October 2024 03:09:27 UTC
My understanding from https://community.letsencrypt.org/t/generating-mtls-client-certs/218728/5 is that the PKI community is trying to phase out the usage of DV certs as mTLS / client certificates, so it might be a bit risky to try and build a spec on top of them, even though in theory it does make sense for this use-case (but, as other people have pointed out, does create extra security risk in terms of needing to keep private keys on servers that are processing potentially risky user-supplied data in complicated ways and making it harder to e.g. terminate your TLS connections at secured ingress nodes etc.).