[cryptography] Allergy for client certificates

Guido Witmond guido at witmond.nl
Mon Sep 30 12:55:53 EDT 2013


On 09/30/13 17:43, Adam Back wrote:
> Anyway and all that because we are seemingly alergic to using client side
> keys which kill the password problem dead.  


Hi Adam,

I wondered about that 'allergy' myself. I have some ideas about that and
I'm curious to learn about other.

Here are mine:

1. The long standing belief is that client systems are untrustworthy.

Any malware will go after the client certificates. So without proper
sandboxing, capability-security and other partitioning mechanisms, the
user is toast.

The most popular consumer-OS was (is?) also the most leaky.
Where was The Hurd when we needed it? Why did people fall for Unix when
Multics was so much better?

2. It's easier to change a password in a database than to talk the user
through creating an submitting a new pub/priv key pair.

3. The crypto-programs were too diffucult to use. Requiring end users to
make trust decisions about entities they never heard of. Who is Verisign
and why should I trust them

4. Client certificates from the big CA-peddlers are akin digital
passports, eliminating all non-repudiation. Ie, a privacy problem.

5. Only recently, computers have become powerful enough to encrypt
everything, all the time. Now we can afford to burn cpu cycles on
encryption without getting usability to suffer.


Guido.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130930/606d66bf/attachment.asc>


More information about the cryptography mailing list