Minimum requirements for client certificates

[colecmac at protonmail.com]

This would be a nice thing to have standardized in the spec.

I don't see why client certs need to have a subject or issuer
though. As long as they are valid certs that can form TLS
connections, than why not? However, it would also make sense
for a service like Astrobotany that relies on the client cert
Common Name to reject certs that don't have one. But that's
application specific.

makeworld