[cryptography] Allergy for client certificates

Michael Rogers michael at briarproject.org
Wed Oct 9 09:50:59 EDT 2013


On 09/10/13 10:56, Guido Witmond wrote:
> You might want to take a look at my experiments. It's a user agent
> that does all the key management for you.
> 
> It even does it with never asking anything more difficult than
> what username you want to have at a site.

Hi Guido,

It looks like you've worked around the UX issues by inserting an
EC-aware proxy between the client and server. Who would be responsible
for deploying such proxies?

What happens if a user creates an EC account from a client machine
with an EC-aware proxy and then wants to use the account from a client
machine without a proxy?

This touches on another question I've been meaning to ask you: what
happens if a user creates an account from a client machine, thus
installing a client cert on that machine, and then wants to use the
account from another machine?

Also, what happens if a user installs a client cert on a machine and
then walks away, leaving their client cert exposed to the next user?
With passwords there's an expectation that once you've logged out, the
next user can't log into your account. But client certs break that
expectation.

Cheers,
Michael

