- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 18 Mar 2013 06:12:44 +0100
- To: noloader@gmail.com
- CC: public-webcrypto-comments@w3.org
On 2013-03-17 21:02, Jeffrey Walton wrote: > On Sat, Mar 16, 2013 at 2:30 AM, Anders Rundgren > <anders.rundgren@telia.com> wrote: >> I don't claim to have full insight in anything but one thing I do know: client-certificates are usually referred to in the same context as _secure_key-storage_ but the latter reached a complete standstill more than a _decade_ ago. >> > The problem appears to be usability, which might explain the > standstill. See, for example, the recent discussion "Client TLS > Certificates - why not?", > http://lists.randombit.net/pipermail/cryptography/2013-March/003946.html: > > Can anyone enlighten me why client TLS > certificates are used so rarely? It used to > be a hassle in the past, but now at least > the major browsers offer quite decent client > cert support, and seeing how most people > struggle with passwords, I don't see why > client certs could not be beneficial even > to "ordinary users". > > The threaded view is available at > http://lists.randombit.net/pipermail/cryptography/2013-March/thread.html. This discussion missed the initial pain-point, how to provision a certificate. By the actually pretty large communities of client-certificate-users out there, this has usually been solved by deploying proprietary software since for example Windows doesn't have this functionality, which according to my contacts in Redmond, is "By Design": "There's no business case for consumer authentication using PKI". Anders > > Jeff > >
Received on Monday, 18 March 2013 05:13:25 UTC