@seyon Yes, and reducing TLS certs in ways they can effectively only be used for HTTPS through this step of only allowing ServerAuth EKUs is IMHO (In My Humble Opinion) a step backwards. But as you can see in the comments, other folks fiercely attack that position. @easytarget @mirabilos
Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Saturday, 17-May-2025 02:19:52 JST Jan Wildeboer 😷:krulorange:
seyon (seyon@ciberlandia.pt)'s status on Saturday, 17-May-2025 02:19:53 JST seyon
@easytarget @jwildeboer @mirabilos It's been like that for a while. It was Google that pushed all the HTTPS thing everywhere.
Owen (easytarget@social.makerforums.info)'s status on Saturday, 17-May-2025 02:19:54 JST Owen
That's just worse. So if Google says 'jump' we shouldn't look askance at those who say 'how high?'
I get that this is being imposed on LetsEncrypt, but if we want to have a wider discussion about what is being done here then we need them on our side. Quietly going along with this sets a bad precedent for them, it lowers my trust in LetsEncrypt, and I'm sure I'm not alone.
Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Saturday, 17-May-2025 02:19:55 JST Jan Wildeboer 😷:krulorange:
@easytarget @mirabilos No. The removal of the ClientAuth EKU (Extended Key Usage) in newly issued certificates happens everywhere, not only at LetsEncrypt. It is required by Google. Certificates with ClientAuth will not be trusted by Google from mid 2026.
Owen (easytarget@social.makerforums.info)'s status on Saturday, 17-May-2025 02:19:56 JST Owen
Hashtag: #letsenshit ?