[cryptography] Client TLS Certificates - why not?

Tony Arcieri tony.arcieri at gmail.com
Mon Mar 4 18:22:16 EST 2013

On Sun, Mar 3, 2013 at 11:22 PM, <strife at riseup.net> wrote:

> Hi,
> Can anyone enlighten me why client TLS certificates are used so rarely? It
> used to be a hassle in the past, but now at least the major browsers offer
> quite decent client cert support, and seeing how most people struggle with
> passwords, I don't see why client certs could not be beneficial even to
> "ordinary users".

Not sure what your idea of "quite decent client cert support" is, however I
don't think this is the case:

1) It's not easy for users to use client certs instead of passwords. Try to
build a demo of a site that makes use of client certs for logging in. I
think you'll find it an exercise in frustration
2) It's not easy to move client certs around from browser-to-browser, e.g.
if you want to log into the same site from multiple browsers (the sync
features of Chrome and Firefox could potentially make this easier)
3) There's no uniform API for managing client certs from JavaScript

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130304/7234cbb1/attachment.html>

More information about the cryptography mailing list