I just read the current version (2.2) of the ISRG Certification Practice Statement which says that the extendedKeyUsage extension of DV-SSL End Entity Certificates contains the OIDs for “TLS Server Authentication” and “TLS Client Authentication”. It seems pretty obvious that a TLS server certificate has to contain the “TLS Server Authentication” OID but I wonder why the “TLS Client Authentication” OID is also included.
Of course I can imagine situations where a server uses a backend service which requires TLS client authentication. Using your already issued server certificate for this purpose could come in very handy, but allowing any Let’s Encrypt issued certificate to access a sensitive backend service hardly makes sense. One could of course restrict the allowed clients further by, for instance, checking the client certificate’s thumbprint, but with a validity period of just 90 days for any Let’s Encrypt issued certificate this is not an ideal solution.
I am aware that not only Let’s Encrypt but a lot (all?) of the major CAs issue their server certificates with an EKU that includes “TLS Client Authentication”, but I simply do not understand why. Is the scenario described above the reason for that, or am I missing something?
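As an added example (not part of the post above), the following Go program models the backend-side check the post is concerned with: it issues constructed self-signed test certificates with a chosen EKU list, requires the clientAuth EKU at verification time, and pins the client by its DNS name rather than by thumbprint, so a renewed certificate for the same host keeps working after the 90-day re-key. The host name `app.example.test` and the function names are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newLeaf issues a self-signed end-entity certificate for host with the given
// EKU list. This is constructed test data, not a Let's Encrypt certificate.
func newLeaf(host string, ekus []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour), // 90-day lifetime, as in the post
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  ekus,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// backendAccepts models the backend's check: the leaf must chain to a trusted
// root and carry the clientAuth EKU (a serverAuth-only certificate is rejected),
// and the allowed client is pinned by DNS name, not thumbprint, so a renewed
// certificate for the same host is still accepted.
func backendAccepts(leaf *x509.Certificate, roots *x509.CertPool, allowedHost string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil && leaf.VerifyHostname(allowedHost) == nil
}
```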