According to Google. Why do they get to dictate this?
Per the current (2.2.2) CAB requirements [1], §7.1.2.10.6, "CA Certificate Extended Key Usage": id-kp-clientAuth is a MAY.
If I was (say) Let's Encrypt I would (optionally?) allow it and dare Google/Chrome to remove my root certificate. Letting bullies get away with this kind of nonsense only encourages them.
[1] https://cabforum.org/working-groups/server/baseline-requirem...