Client Certificate UI for Chrome?
Frank Siebenlist
franks at mcs.anl.gov
Mon Aug 10 17:51:46 EDT 2009
[Moderator's note: top posting considered harmful:
http://www.mail-archive.com/cryptography@metzdowd.com/msg09287.html
--Perry]
Just to complicate things a little... we're working with a number of
groups now who are using onlineCAs that issue short-lived x509 certs
derived from a primary authN mechanism like passwords or OTP.
It would be great to bake that functionality into chrome: use TLS-SRP/
PSK to authN to an onlineCA to obtain your short-lived cert in real-
time.
-Frank.
On Aug 6, 2009, at 5:49 AM, Peter Gutmann wrote:
> Ben Laurie <benl at google.com> writes:
>
>> So, I've heard many complaints over the years about how the UI for
>> client certificates sucks. Now's your chance to fix that problem -
>> we're in the process of thinking about new client cert UI for Chrome,
>> and welcome any input you might have. Obviously fully-baked proposals
>> are more likely to get attention than vague suggestions.
>
> This is predicated on the assumption that it's possible to make
> certificates
> usable for general users. All the empirical evidence we have to
> date seems to
> point to this not being the case. Wouldn't it be better to say
> "What can we
> do to replace certificates with something that works?", for example
> TLS-SRP
> or TLS-PSK?
>
> Peter.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
---
Frank Siebenlist - franks at mcs.anl.gov
The Globus Alliance | Argonne National Laboratory | University of
Chicago
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list