Re: [TLS] [EXTERNAL] Re: Servers sending CA names

Viktor Dukhovni <> Wed, 19 April 2023 02:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AF96EC14CE44 for <>; Tue, 18 Apr 2023 19:59:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FiBklOMjLv9n for <>; Tue, 18 Apr 2023 19:59:11 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id C6FB9C14CE2C for <>; Tue, 18 Apr 2023 19:59:11 -0700 (PDT)
Received: by (Postfix, from userid 1001) id E4C3F125153; Tue, 18 Apr 2023 22:59:09 -0400 (EDT)
Date: Tue, 18 Apr 2023 22:59:09 -0400
From: Viktor Dukhovni <>
Message-ID: <>
References: <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
Archived-At: <>
Subject: Re: [TLS] [EXTERNAL] Re: Servers sending CA names
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Apr 2023 02:59:15 -0000

On Tue, Apr 18, 2023 at 09:06:40PM -0300, Soni L. wrote:

> That seems particularly useful for federated networks (XMPP, etc). Why 
> not call these server-to-server certs?

That's basically it.  At least in OpenSSL, when a EKU extension is
present in the client certificate, it must allow client authentication
for the certificate check to pass validation.

However, some applications don't "validate" client certificates relative
to any trust anchor, and instead maintain explicit access control lists
of suitably authorised public keys (or enclosing certificates).

One low-volume, but actually employed use-case is
nullclient-to-smarthost MTA-to-MTA authentication, hence Postfix support
for relay access via client public key or cerificate fingerprints.

The client certificate EKU is then irrelevant, but IIRC basicConstraints
may be enforced at the TLS layer (the certificate may need to be valid
for keyAgreement, the problem goes away with raw public keys :-).