On 18/11/16 15:04, Rob Stradling wrote: > crt.sh currently has 302 CA certificates that contain the > id-kp-clientAuth EKU OID
I think you mean id-kp-emailProtection here, from your figures... > and that are trusted by Microsoft and/or > Mozilla and/or Apple. > > Here's a summary of the EKU OIDs contained in those 302 intermediate certs: > > count | x509_extkeyusages | purpose > -------+--------------------------+-------------------------------- > 302 | 1.3.6.1.5.5.7.3.4 | id-kp-emailProtection > 284 | 1.3.6.1.5.5.7.3.2 | id-kp-clientAuth > 104 | 1.3.6.1.5.5.7.3.1 | id-kp-serverAuth People make certs usable for both serverAuth and email/clientAuth? :-| > 60 | 1.3.6.1.5.5.7.3.9 | id-kp-OCSPSigning Wait, what? Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
