Path: news.eternal-september.org!eternal-september.org!feeder3.eternal-september.org!news.quux.org!weretis.net!feeder9.news.weretis.net!news.misty.com!news.iecc.com!.POSTED.news.iecc.com!not-for-mail
From: John Levine <johnl@taugh.com>
Newsgroups: comp.mail.sendmail
Subject: Re: Client Auth certificates, threat or menace?
Date: Thu, 22 May 2025 20:09:25 -0000 (UTC)
Organization: Taughannock Networks
Message-ID: <100o09l$28bu$2@gal.iecc.com>
References: <100iavl$13mj$1@gal.iecc.com> <100io2i$2ahf$1@gal.iecc.com> <100joie$qv6$1@news.misty.com> <100miff$974$1@news.misty.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 22 May 2025 20:09:25 -0000 (UTC)
Injection-Info: gal.iecc.com; posting-host="news.iecc.com:2001:470:1f07:1126:0:676f:7373:6970";
	logging-data="74110"; mail-complaints-to="abuse@iecc.com"
In-Reply-To: <100iavl$13mj$1@gal.iecc.com> <100io2i$2ahf$1@gal.iecc.com> <100joie$qv6$1@news.misty.com> <100miff$974$1@news.misty.com>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@iecc.com (John Levine)

According to Claus Aßmann  <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>:
>Certificate:
>        X509v3 extensions:
>            X509v3 Extended Key Usage: 
>                TLS Web Server Authentication
>
>Used by client: no error in client, but the server shows
>status=unsupported certificate purpose
>hence the cert is basically unusable for a client -
>as some people claimed.

I'm not worried about that since basically nobody uses client certs signed by a public CA.

I was worried that some bug would look for it in server certs.  That seems OK.

-- 
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly