[cryptography] Client TLS Certificates - why not?

Guido Witmond guido at witmond.nl
Mon Mar 4 09:07:56 EST 2013


On 03/04/2013 08:22 AM, strife at riseup.net wrote:
> Hi,
>
> Can anyone enlighten me why client TLS certificates are used so rarely? It
> used to be a hassle in the past, but now at least the major browsers offer
> quite decent client cert support, and seeing how most people struggle with
> passwords, I don't see why client certs could not be beneficial even to
> "ordinary users".

Hi Strife,

I'd like to add a few cents too:

The whole x509 client and server certificates were designed to be used 
with a global directory, called x500. The idea is that you can look up 
the key of the person you want to communicate with. Although this 'secures' 
the communication against tampering and keeps the contents confidential, 
it lacks three properties:
- there is no way to securely communicate with total strangers; you need 
to know their name
- privacy: every person has one-true-certificate-to-bind-them;
- repudiation: there is no way to deny writing a message; leading to self 
censoring.

In other words, everything I sign with my Thawte client certificate is 
tied to my identity *for life*. That's why I don't use that thing. In 
fact, I've long since lost the private key for it. With password based 
accounts, I can decide to write under any pseudonym and keep control of 
my privacy, at the price of having the hassle with passwords.

I've tried to write a blog[1] on it.


Another reason why the Crypto-heaven did not materialise is that the 
current crop of operating systems is completely unfit to protect the 
user's interests. As soon as one piece of malware is inside, it's not 
your computer anymore. And with that the malware can abuse your 
expensive client certificate at will.

I believe only micro-kernel operating systems with POLA security layers 
on top of that can bring solace.
See Qubes-OS, Genode, Minix. Without such security any progress to use 
cryptography is doomed. See 'Dancing Pwnies' on Wikipedia.

IanG and Peter Gutmann are completely correct that usability is key. 
Browsers have a long way to go. For example, log in at CAcert with your 
client certificate. That's easy. Now try to log out. That's impossible. 
The only thing you can do is to close your browser. Losing all other 
open tabs with it.



I've come up with a way to get out of this mess. I call it Eccentric 
Authentication.[2]

It's a protocol that will provide pseudonymous client certificates, 
eliminate passwords, and allow total strangers to communicate securely at 
a dating site. With the addition of a *Cryptographic Same Origin Policy* 
we can end CSRF, block the most obnoxious advertisement-spies while still 
allowing CDN-networks, javascript-applications. I've designed a fully 
anonymous dating site where you _can_ limit abuse.

I've written about that too. In fact, my whole website is about it. 
Feel free to explore and ask if things are not clear.

Cheers, Guido Witmond.

1: http://witmond.nl/blog/2012/11/21/why-we-still-use-passwords.html
2: http://witmond.nl/ecca/ecca.html




