[cryptography] Client TLS Certificates - why not?

Thierry Moreau thierry.moreau at connotech.com
Tue Mar 5 10:59:45 EST 2013

strife at riseup.net wrote:
> Hi,
> Can anyone enlighten me why client TLS certificates are used so rarely? It
> used to be a hassle in the past, but now at least the major browsers offer
> quite decent client cert support, and seeing how most people struggle with
> passwords, I don't see why client certs could not be beneficial even to
> "ordinary users".


If you ask the question, you may be unaware of the many implications 
explained by other contributions. I take a chance at dropping my 
analysis, which is oriented towards innovation in IT security operations.

First of all, there is an abuse of language with the term "client 
certificates": what protects the client is its public-private key pair 
(PPKP). So you may ask yourself "Client PPKP, why not?"

Then you realize that the X.509 certificates come with the complexity of 
the CA operations, and relying parties (server operators now eating the 
same dog food that they served to their end-users).

With the first party certification paradigm, drop the CA operations 
altogether and let the service providers maintain their own trusted 
client PPKP (I mean the client public keys).

The evil is in the details. I found more evils in removing the CA than 
in bringing forward the new paradigms -- the X.509 mindset is in one's 
brain very deep (not only in browser software where it can be 
circumvented easily with auto-issued dummy X.509 security certificates).

Still, the client PPKP usage along with the first party certification 
paradigm is not for an ordinary user if unable to "mind the P and Q's" 
of the RSA core operating principle (I postulated client PPKP usage, I'm 
stuck with client PPKP usage). A realistic goal is to get the 
installation instructions from 60 pages to 10-15 (OK 25-30 if we have to 
undo the X.509 mindset).

Trust at the enrollment phase is obviously delicate and cannot be fully 
automated. I'm working on that part.

There are closed PKI deployments using client PPKP in an X.509 
PKI-centric perspective. The cost per user is significant. The 
alternative I am hinting about (a- client PPKP usage b- first party 
certification paradigm c- the enrollment scheme) would be an 
intermediate-level client authentication approach.

So why not PKI client certificates for ordinary users? Because even 
client PPKP usage for ordinary users is hardly conceivable.

> With CAcert, there is even an excellent infrastructure in place that could
> allow people to generate signed pseudonymous client certificates. A
> service provider could limit the amount of certificates allowed per user
> (as validated by CAcert), maybe even the amount of points required etc.
> That way, one could provide services without the requirement of
> registration, and still effectively limit abuse?

That's the early dream of a global PKI. Nowadays, we know more.


- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
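
An added example, not part of the original message and not the author's or CONNOTECH's code: a Go sketch of the first-party certification idea above, where the service provider keeps its own table of enrolled client public keys and treats a self-issued "dummy" certificate only as a container for the key. `Registry`, `KeyID`, `Lookup` and `DummyCert` are hypothetical names, Ed25519 stands in for the client key pair, and the trust decision at enrollment is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Registry is the provider's own list of enrolled client keys (hypothetical type).
type Registry map[[32]byte]string

// KeyID hashes the DER SubjectPublicKeyInfo only: issuer, subject, validity play no part.
func KeyID(certDER []byte) ([32]byte, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(cert.RawSubjectPublicKeyInfo), nil
}

// Lookup maps a presented certificate to an account; no CA chain is consulted.
func (r Registry) Lookup(certDER []byte) (string, error) {
	id, err := KeyID(certDER)
	if err != nil {
		return "", err
	}
	if account, ok := r[id]; ok {
		return account, nil
	}
	return "", fmt.Errorf("client public key %x not enrolled", id[:8])
}

// DummyCert wraps a key in a self-issued certificate: a container for the key.
func DummyCert(key ed25519.PrivateKey, cn string, serial int64) ([]byte, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	der, _ := DummyCert(key, "alice", 1)
	id, _ := KeyID(der)
	fmt.Println(Registry{id: "alice"}.Lookup(der)) // prints: alice <nil>
}
```

With `crypto/tls`, a lookup like this would be called from `VerifyPeerCertificate` on a server config using `tls.RequireAnyClientCert`; the handshake itself proves possession of the private key.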
