[cryptography] Client TLS Certificates - why not?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Mar 4 03:30:59 EST 2013


<strife at riseup.net> writes:

>Can anyone enlighten me why client TLS certificates are used so rarely? It
>used to be a hassle in the past

They're still a huge pain to work with, and probably always will be.  If you
don't believe me, go to your mother, sit her in front of a computer, sit
behind her with your arms crossed so you can't point to anything or type stuff
out for her, and walk her through the process of acquiring and using one
without leaving your chair or performing any part of the operation for her.

Now imagine getting her to do the same using only a sheet of instructions
you've written.

Whenever anyone asks "why aren't certificates/smart cards/whatever used more?"
they should be required to go through this exercise, and then they will be
enlightened.

NB: Remember to switch to a fresh mother every time you re-try this
    experiment with some new technology.

Peter.


