- From: Jeffrey Walton <noloader@gmail.com>
- Date: Sun, 17 Mar 2013 16:02:49 -0400
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: public-webcrypto-comments@w3.org
On Sat, Mar 16, 2013 at 2:30 AM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> I don't claim to have full insight in anything but one thing I do know: client-certificates are usually referred to in the same context as _secure_key-storage_ but the latter reached a complete standstill more than a _decade_ ago.
>
The problem appears to be usability, which might explain the
standstill. See, for example, the recent discussion "Client TLS
Certificates - why not?",
http://lists.randombit.net/pipermail/cryptography/2013-March/003946.html:
Can anyone enlighten me why client TLS
certificates are used so rarely? It used to
be a hassle in the past, but now at least
the major browsers offer quite decent client
cert support, and seeing how most people
struggle with passwords, I don't see why
client certs could not be beneficial even
to "ordinary users".
The threaded view is available at
http://lists.randombit.net/pipermail/cryptography/2013-March/thread.html.
Jeff
Received on Sunday, 17 March 2013 20:03:17 UTC