It is not pragmatic to design your protocol for web use cases when it's not the web.
Unless I'm missing something, this is a poor design, full stop. How are they validating SAN on these client certificates?