[cryptography] Client TLS Certificates - why not?
thierry.moreau at connotech.com
Tue Mar 5 10:59:45 EST 2013
strife at riseup.net wrote:
> Can anyone enlighten me why client TLS certificates are used so rarely? It
> used to be a hassle in the past, but now at least the major browsers offer
> quite decent client cert support, and seeing how most people struggle with
> passwords, I don't see why client certs could not be beneficial even to
> "ordinary users".
If you ask the question, you may be unaware of the many implications
explained by other contributions. I take a chance at dropping my
analysis, which is oriented towards innovation in IT security operations.
First of all, there is an abuse of language with the term "client
certificates": what protects the client is its public-private key pair
(PPKP). So you may ask yourself "Client PPKP, why not?"
Then you realize that the X.509 certificates come with the complexity of
the CA operations, and relying parties (server operators now eating the
same dog food that they served to their end-users).
With the first party certification paradigm, drop the CA operations
altogether and let the service providers maintain their own trusted
client PPKP (I mean the client public keys).
The evil is in the details. I found more evils in removing the CA than
in bringing forward the new paradigms -- the X.509 mindset is in one's
brain very deep (not only in browser software where it can be
circumvented easily with auto-issued dummy X.509 security certificates).
Still, the client PPKP usage along with the first party certification
paradigm is not for an ordinary user if unable to "mind the P and Q's"
of the RSA core operating principle (I postulated client PPKP usage, I'm
stuck with client PPKP usage). A realistic goal is to get the
installation instructions from 60 pages to 10-15 (OK 25-30 if we have to
undo the X.509 mindset).
Trust at the enrollment phase is obviously delicate and can not be fully
automated. I'm working on that part.
There are closed PKI deployments using client PPKP in a X.509
PKI-centric perspective. The cost per user is significant. The
alternative I am hinting about (a- client PPKP usage b- first party
certification paradigm c- the enrollment scheme) would be an
intermediate-level client authentication approach.
So why not PKI client certificates for ordinary users? Because even
client PPKP usage for ordinary users is hardly conceivable.
> With CAcert, there is even an excellent infrastructure in place that could
> allow people to generate signed pseudonymous client certificates. A
> service provider could limit the amount of certificates allowed per user
> (as validated by CAcert), maybe even the amount of points required etc.
> That way, one could provide services without the requirement of
> registration, and still effectively limit abuse?
That's the early dream of a global PKI. Nowadays, we know more.
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
More information about the cryptography