@sindarina I have been following this approach (of making ClientAuth less and less desired and actively being fought) for many years, going back to the times of https://unhosted.org where client-certificate-based auth was an actual browser feature we hoped to use for decentralised architectures. This is just another step toward making such architectures far more complex and effectively unusable. THAT's what I oppose.
@sindarina The reasons given for this change at https://googlechrome.github.io/chromerootprogram/moving-forward-together/ are not convincing to me. The arguments there reduce the functionality of TLS certs to web servers: "Client authentication represents a private PKI use case that is not relied upon by web browsers for website authentication.", which leads to the conclusion that the ClientAuth EKU in a cert shouldn't simply be ignored but instead MUST be removed.