[cryptography] phishing/password end-game (Re: Why anon-DH ...)

Thierry Moreau thierry.moreau at connotech.com
Thu Jan 17 18:43:04 EST 2013


James A. Donald wrote:
> On 2013-01-18 1:17 AM, Thierry Moreau wrote:
>> First, replace "client certificate" by client PPKP (public-private
>> key pair) and be ready for a significant training exercise. The
>> more the trainee knows about X.509, the greater the challenge for the
>> trainer. 
> 
> It has been decisively and repeatedly demonstrated that X.509 leads to a 
> completely unusable client side interface.
> 

This is a fact. That should be irrelevant ...

> I assume that was your point.
> 

The point above is about training users to handle a public-private key 
pair without reference to X.509 stuff (except as a required file 
format). Maybe you already know too much about X.509. Ignoring all of it 
may be difficult.

-- 
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691


