Hello,
this might be slightly off topic for this mailing list, but as there are people from various
registries here, I'd like to bring this up anyway.
It seems that a new Google Chrome policy encourages SSL CAs to stop issuing certificates that
support both client and server authentication (and drop the client authentication feature):
*
https://www.thesslstore.com/blog/chrome-ssl-certificate-client-authentication-ends-june-2026
* https://googlechrome.github.io/chromerootprogram/
I'm aware that many registries do issue their own EPP client certs via their private CA, so there's
no problem there.
However, many other registries (like Verisign for example) expect registrars to use EPP client
certificates issued by public CAs, which (once reissued) could stop working without the "client
auth" feature in place.
What do affected registry operators on this list think about this?
Are there any plans to either
* accept client certs without the "client auth" flag (seems fishy) or
* switch to issuing certificates using a private CA?
Best regards,
Thomas Corte
--
TANGO REGISTRY SERVICES® is a product of:
Knipp Medien und Kommunikation GmbH
Technologiepark Phone: +49 231 9703-222
Martin-Schmeisser-Weg 9 Fax: +49 231 9703-200
D-44227 Dortmund E-Mail: [email protected]
Germany
_______________________________________________
regext mailing list -- [email protected]
To unsubscribe send an email to [email protected]
