Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think you're confusing different actors here. The change was made by the CA/B Forum, the recommendation is just how it is if you want to use a certificate not for the purposes intended.


But it does mean that the CA/B requirement change has zero positive effect on security of anything and only causes pointless work and breakage.

Or to put it another way, the pragmatic response of the XMPP community shows that the effect of the change is not to remove the clientAuth capability from any certs but to effectively add it to all serverAuth certs no matter what the certificate says.


Relying on an accidental feature and its removal causing work is a perfect example why it shouldn't be there in the first place.

The XMPP community can continue to adapt other infrastructure for their purposes and do the thing they do. It does not mean it has to be catered to.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: