[cryptography] Client certificates, Tor-exit nodes and renegotiation
guido at witmond.nl
Fri Mar 14 18:15:46 EDT 2014
On 03/14/14 18:02, Alexandre Anzala-Yamajako wrote:
> It also might be worthwhile to note that Client certification is not
> very common and needs an infrasctructure to generate and deploy. Also
> even if the client certificate is sent encrypted later in the handshake,
> it's size will be noticeable in the handshake (except if we are ready to
> pad certificate-less client messages). A competent and funded
> organization might then have a very small pool of users to choose from
> as to who might be trying to connect a particular server which somewhat
> defeats the purpose of Tor
That's why I pursue the option of using client certificates everywhere,
for everyone. In a way transparent for the end user. Eliminating
passwords as a side effect.
Regards, Guido Witmond.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 897 bytes
Desc: OpenPGP digital signature
More information about the cryptography