[cryptography] Allergy for client certificates
thierry.moreau at connotech.com
Fri Oct 11 08:52:46 EDT 2013
Guido Witmond wrote (in reference to eccentric authentication):
> Another (not a killer)-feature (for users) is that they are in control
> of the account. When they delete the private key, their account is
> closed. No one else can come later and claim the account. Unless they
> copied the private key beforehand.
Some reality check may turn this from a feature into a serious flaw:
it's account continuity that matters to server-vendors and
client-customers as well.
Server: a very good customer account vanishes suddenly and pops up as a
new account (which one?) among the 200 or so that made a first
transaction during the next week. Even the vanishing event cannot be
Client: I relied on the server to keep track of past purchase details,
and for a crypto-&?%# reason (do I care?) I lost them. Even worse, I
can't create a new account with my real name (it says it's already
enrolled while in fact it no longer works).
Solving this issue in your experiment is going to re-introduce much of
the PKI complexity.
Sorry for asking tough questions, but maybe they would pop up sooner or
later if this experiment goes forward.
- Thierry Moreau