On Wed, Apr 01, 2026 at 07:36:44PM -0400, Mike Shaver wrote: > On Wed, Apr 1, 2026 at 6:53 PM Nico Williams <[email protected]> wrote: > > > Though someone just wrote me off-list that: > > > > | I know at least of GlobalSign Client Authentication Root R45 and > > | GlobalSign Client Authentication Root E45 (but have no experience with > > | them). > > | > > | > > https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates > > > > So perhaps not all CAs have exited that market. But this is just their > > root certificates; I've not yet found how to get a client certificate > > from them nor how much it costs. > > That seems like research that might inform your future position on these > matters. Multiple CAs are offering client auth certs under separate roots, > and servers are welcome to trust the roots in question if they wish to > participate in that particular PKI.
I did a search a few days ago and could not find these, but did find that some CAs had exited the market. _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
