[cryptography] Client TLS Certificates - why not?
James A. Donald
jamesd at echeque.com
Wed Mar 6 02:16:26 EST 2013
On 2013-03-06 4:41 AM, StealthMonger wrote:
> 2. Prospective customer verification of merchant: Merchant includes
> the ID of its signing key in every advertisement and repeatedly
> admonishes prospects to "Accept No Substitutes".
The key, and the hash of the key, is a long string of random gibberish.
It should not be visible to end users. Experience demonstrates that
showing it repels 99% of end users.
We have to do all the things you describe, without the end user ever
seeing the key or the hash of the key.
More information about the cryptography