[cryptography] Client TLS Certificates - why not?
guido at witmond.nl
Mon Mar 4 09:07:56 EST 2013
On 03/04/2013 08:22 AM, strife at riseup.net wrote:
> Can anyone enlighten me why client TLS certificates are used so rarely? It
> used to be a hassle in the past, but now at least the major browsers offer
> quite decent client cert support, and seeing how most people struggle with
> passwords, I don't see why client certs could not be beneficial even to
> "ordinary users".
I'd like to add a few cents too:
The whole x509 client and server certificates were designed to be used
with a global directory, called x500. The idea is that you can look up
the key of the person you want to communicate with. Although this 'secures'
the communication against tampering and keeps the contents confidential,
it lacks three properties:
- there is no way to securely communicate with total strangers; you need
to know their name
- privacy: every person has one-true-certificate-to-bind-them;
- repudiation: there is no way to deny writing a message; leading to self
In other words, everything I sign with my Thawte client certificate is
tied to my identity *for life*. That's why I don't use that thing. In
fact, I've long since lost the private key for it. With password based
accounts, I can decide to write under any pseudonym and keep control of
my privacy, at the price of having the hassle with passwords.
I've tried to write a blog on it.
Another reason why the Crypto-heaven did not materialise is that the
current crop of operating systems is completely unfit to protect the
user's interests. As soon as one piece of malware is inside, it's not
your computer anymore. And with that the malware can abuse your
expensive client certificate at will.
I believe only micro-kernel operating systems with POLA security layers
on top of that can bring solace.
See Qubes-OS, Genode, Minix. Without such security any progress to use
cryptography is doomed. See 'Dancing Pwnies' on Wikipedia.
IanG and Peter Gutmann are completely correct that usability is key.
Browsers have a long way to go. For example, log in at CAcert with your
client certificate. That's easy. Now try to log out. That's impossible.
The only thing you can do is to close your browser. Losing all other
open tabs with it.
I've come up with a way to get out of this mess. I call it Eccentric
It's a protocol that will provide pseudonymous client certificates,
eliminates passwords, allows total strangers to communicate securely at
a dating site. With the addition of a *Cryptographic Same Origin Policy*
we can end CSRF, block the most obnoxious advertisement-spies while still
anonymous dating site where you _can_ limit abuse.
I've written about that too. In fact, my whole website is about it.
Feel free to explore and ask if things are not clear.
Cheers, Guido Witmond.