this post was submitted on 18 May 2025

99 points (99.0% liked)

Linux

8909 readers

389 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

99

Lets Encrypt Ending TLS Client Authentication Certificate Support in 2026 (letsencrypt.org)

submitted 2 months ago by recursive_recursion@lemmy.ca to c/linux@programming.dev

3 comments fedilink hide all child comments

cross-posted from: https://lemmy.bestiver.se/post/390337

Comments

you are viewing a single comment's thread
view the rest of the comments

[–] timbuck2themoon@sh.itjust.works 33 points 2 months ago (1 children)

This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs.

Im curious for Google's reasoning.

[–] just_another_person@lemmy.world 9 points 2 months ago

This honestly is basic security in a number of ways. Separate PKI for every use-case is the standard. Eggs in on ebasket, yadablahwut.

The actual change shouldn't take long for LE to actually do, it's the implication of the thing though. I'd love to see a different tool for enrolling TLS services, or at least a better flow than the existing one.