[cryptography] Client TLS Certificates - why not?

dan at geer.org dan at geer.org
Mon Mar 4 10:25:38 EST 2013

With respect to:

> - repudiation: there is no way deny writing a message; leading to self 
> censoring.
> In other words, everything I sign with my Thawte client certificate is 
> tied to my identity *for life*. That's why I don't use that thing. In 
> fact, I've long since lost the private key for it. With password based 
> accounts, I can decide to write under any pseudonym and keep control of 
> my privacy, at the price of having the hassle with passwords.
> I've tried to write a blog[1] on it.
> witmond.nl/blog/2012/11/21/why-we-still-use-passwords.html

I agree with you entirely.  Though tangential enough to
perhaps be off-topic, I wrote on the same theme last month.

Identity as Privacy


More information about the cryptography mailing list