[cryptography] Client certificates, Tor-exit nodes and renegotiation

Guido Witmond guido at witmond.nl
Fri Mar 14 18:15:46 EDT 2014


On 03/14/14 18:02, Alexandre Anzala-Yamajako wrote:
> It also might be worthwhile to note that Client certification is not
> very common and needs an infrastructure to generate and deploy. Also
> even if the client certificate is sent encrypted later in the handshake,
> its size will be noticeable in the handshake (except if we are ready to
> pad certificate-less client messages). A competent and funded
> organization might then have a very small pool of users to choose from
> as to who might be trying to connect to a particular server which somewhat
> defeats the purpose of Tor

That's why I pursue the option of using client certificates everywhere,
for everyone. In a way transparent for the end user. Eliminating
passwords as a side effect.

Regards, Guido Witmond.


