[cryptography] Client TLS Certificates - why not?

dan at geer.org dan at geer.org
Mon Mar 4 10:25:38 EST 2013


With respect to:

>...
> - repudiation: there is no way deny writing a message; leading to self 
> censoring.
> 
> In other words, everything I sign with my Thawte client certificate is 
> tied to my identity *for life*. That's why I don't use that thing. In 
> fact, I've long since lost the private key for it. With password based 
> accounts, I can decide to write under any pseudonym and keep control of 
> my privacy, at the price of having the hassle with passwords.
>
> I've tried to write a blog[1] on it.
>...
> witmond.nl/blog/2012/11/21/why-we-still-use-passwords.html

I agree with you entirely.  Though tangential enough to
perhaps be off-topic, I wrote on the same theme last month.

Identity as Privacy
geer.tinho.net/ieee/ieee.sp.geer.1301b.pdf

--dan




More information about the cryptography mailing list