[cryptography] Allergy for client certificates

Michael Rogers michael at briarproject.org
Thu Oct 10 14:12:22 EDT 2013

On 10/10/13 09:29, Guido Witmond wrote:
>> It looks like you've worked around the UX issues by inserting an 
>> EC-aware proxy between the client and server. Who would be
>> responsible for deploying such proxies?
> That proxy lives in the end user's computers. Right now, the user
> needs to install the proxy. I hope to get time and funding to make
> it a Firefox plug-in. I hope that when it proves useful, browsers
> will adopt it.

I hope you manage to persuade browsers to support it, because it seems
like it will be difficult to get sites to adopt EA until their users
can reliably expect it to be supported on every machine they use.

(Sorry for referring to EA as EC in my last email!)

My family and friends outside the tech community are quite casual
about logging into their accounts from friends' machines, work
machines, internet cafes, etc. It's all very well for us to say that's
a bad idea, but we can't deny it's convenient to be able to log in
from anywhere with nothing but a password.

I can definitely see the benefits of EA for users who have a few
personal devices that are synced and not shared with other users, and
who value the security of using their own devices more than the
convenience of being able to log in from anywhere. That describes me,
but it doesn't describe most of the people I know.

Perhaps you could think of a killer app for EA that appeals to people
whose habits match the way EA works?


