[cryptography] Allergy for client certificates
michael at briarproject.org
Wed Oct 9 09:50:59 EDT 2013
On 09/10/13 10:56, Guido Witmond wrote:
> You might want to take a look at my experiments. It's a user agent
> that does all the key management for you.
> It even does it with never asking anything more difficult than
> what username you want to have at a site.

It looks like you've worked around the UX issues by inserting an
EC-aware proxy between the client and server. Who would be responsible
for deploying such proxies?

What happens if a user creates an EC account from a client machine
with an EC-aware proxy and then wants to use the account from a client
machine without a proxy?

This touches on another question I've been meaning to ask you: what
happens if a user creates an account from a client machine, thus
installing a client cert on that machine, and then wants to use the
account from another machine?

Also, what happens if a user installs a client cert on a machine and
then walks away, leaving their client cert exposed to the next user?
With passwords there's an expectation that once you've logged out, the
next user can't log into your account. But client certs break that