On 6/27/2023 7:14 PM, Quanah Gibson-Mount wrote:

Using a public CA for client certs seems very odd to me.

Depends on your use case. Think of it as a form of federated login. Many sites will let you log in with your Google username and password (or Amazon or Facebook or ...); why not let you log in using your Google-issued certificate?

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris