[cryptography] Client TLS Certificates - why not?

strife at riseup.net
Mon Mar 4 02:22:11 EST 2013


Can anyone enlighten me why client TLS certificates are used so rarely? It
used to be a hassle in the past, but now at least the major browsers offer
quite decent client cert support, and seeing how most people struggle with
passwords, I don't see why client certs could not be beneficial even to
"ordinary users".

With CAcert, there is even an excellent infrastructure in place that could
allow people to generate signed pseudonymous client certificates. A
service provider could limit the number of certificates allowed per user
(as validated by CAcert), maybe even the number of points required etc.

That way, one could provide services without the requirement of
registration, and still effectively limit abuse?

