--On Wednesday, June 28, 2023 3:41 AM +0000 Jordan Brown openldap@jordan.maileater.net wrote:
> On 6/27/2023 7:14 PM, Quanah Gibson-Mount wrote:
>> Using a public CA for client certs seems very odd to me.
>
> Depends on your use case. Think of it as a form of federated login. Many sites will let you log in with your Google username and password (or Amazon or Facebook or ...); why not let you log in using your Google-issued certificate?

I guess it comes to an issue of trust. I wouldn't trust Amazon, Facebook, or Google issued certificates, and I personally avoid making use of those types of integrations for username/password.
--Quanah