On 28/06/2023 3:41 am, Howard Chu wrote:
> The point of a certificate-based authentication system is not to have to implement authentication rules for each and every individual user.
It needn't be so fine grained. Just restrict the namespace of accepted certs to that which the system integrator has authority over.
> that CA should only be issuing certs to valid users. Ideally, the LDAP server should be the CA
That is too opinionated for universal application. I am sure I am not alone in choosing to use a public CA.