this post was submitted on 18 May 2025
99 points (99.0% liked)

[–] timbuck2themoon@sh.itjust.works 33 points 2 months ago (1 children)

This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs.

I'm curious about Google's reasoning.

[–] just_another_person@lemmy.world 9 points 2 months ago

This honestly is basic security in a number of ways. Separate PKI for every use-case is the standard. Eggs in one basket, yadablahwut.

The actual change shouldn't take long for LE to actually do, it's the implication of the thing though. I'd love to see a different tool for enrolling TLS services, or at least a better flow than the existing one.

[–] oranki@sopuli.xyz 25 points 2 months ago

I've read a lot of outcry about this wrt self-hosted mail servers.

Some say this is fatal, some say it has no effect. Both sides seem to have valid technical arguments. It would be nice to understand the effects better.