CFP: PKI research workshop

Ben Laurie ben at
Thu Dec 27 09:16:33 EST 2001

Nelson Minar wrote:
> >Of course, client side certificates barely even exist, although
> >people made substantial preparation for them early on in the history
> >of all of this.
> I used to be puzzled by this. Then a couple of years ago I went
> through the process of getting a client-side certificate to access my
> student records at MIT. MIT is the only place I've ever seen to
> require client-side certs for authentication, bless 'em.
> It took me 30 minutes to establish a client side certificate, just so
> I could view a web page with my own data on it. *thirty minutes*. And
> I know a lot about cryptography. How would someone who'd never heard
> of a public key do? This was on Netscape 4.0 on Linux. Maybe MSIE
> things have improved since then, but I doubt it. (Anyone know?)

I've never found it particularly hard to generate a client cert in
either Netscape or IE - but the time consuming part is the meatspace
component - verifying your identity to the CA/RA so they'll sign the

Of course, going through all of this to access a single page is silly.
The two useful aspect of client certs (IMNSHO) are firstly that they
allow single sign-on with access control in a way that does not require
all systems to communicate with some central authority and secondly they
give a way to bind an identity (or simply a set of
permissions/privileges/capabilities/whatevers) to a private key.

Of course, if your threat model means you must check a certificate's
validity immediately, then the first advantage is mostly gone. However,
you almost always need the second property, AFAICS, to do anything
useful with PKC.

If you have some kind of entity that binds a private key to some other
stuff, then that is a certificate, IMO. Equating certificates with X.509
is missing the point.

As for the "certificateless" model - all this really does is move the
binding from something you can carry around with you to something that
has to be done by a central authority. It is not clear to me why this is
such a marvellous improvement. Unless you happen to want to own the
central authority, of course, which, unlike certificates and CAs, is far
harder to replicate privately and therefore, presumably, potentially
even more profitable than Verisign's cash cow.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list