[whatwg] whatwg Digest, Vol 82, Issue 10

On Fri, 07 Jan 2011 11:11:55 -0000, Glenn Maynard <glenn at zewt.org> wrote:

> I gave it a try earlier, since it was mentioned.  It created my
> account, rejected my CSR, and I got a message saying that I somehow
> failed to create a login certificate, that I'd no longer be able to
> log in, and according to the FAQ the only way to continue would be to
> create a whole new account on a different email address and to ask
> them to manually merge the accounts.  That's broken in countless ways;
> no CA should have such a brittle, half-baked account system.

StartSSL uses client certificates to log in, which theoretically is a
great idea, as account access (thus the security of all its certificates)
relies on strong cryptography, rather than some custom password-based
mechanism.

In practice it's not so great, but maybe it's not StartSSL's fault, but
due to the complexity of certificates, the inflexibility of <keygen> and very
rough implementations of it.

-- 
regards, Kornel Lesiński

Received on Friday, 7 January 2011 05:49:28 UTC