[cryptography] Client TLS Certificates - why not?

James A. Donald jamesd at echeque.com
Wed Mar 6 02:16:26 EST 2013

On 2013-03-06 4:41 AM, StealthMonger wrote:
> 2. Prospective customer verification of merchant: Merchant includes
> the ID of its signing key in every advertisement and repeatedly
> admonishes prospects to "Accept No Substitutes".

The key, and the hash of the key, is a long string of random gibberish.  
It should not be visible to end users.  Experience demonstrates that 
showing it repels 99% of end users.

We have to do all the things you describe, without the end user ever 
seeing the key or the hash of the key.

More information about the cryptography mailing list