Google didn't force Let's Encrypt to totally get out of the client cert business, they just decided it wasn't worth the effort anymore.
Publicly-trusted client authentication does nothing. It's not a thing that should exist, or is needed.
Feel free to start your own non-profit to issue client certs signed by a public authority.
As LE says, most users of client certs are doing mTLS and so self-signed is fine.
> they just decided it wasn't worth the effort anymore
That seems disingenuous. Doesn't being in the client cert business now require a lot of extra effort that it didn't before, due entirely to Google's new rule?
No, not really. Unless you consider basic accountability "extra effort".