[Cryptography] Toxic Combination
guido at witmond.nl
Fri Dec 5 18:09:14 EST 2014
On 12/05/14 00:46, cryptography-ml at mkern.fastmail.fm wrote:
>> On Wed, Dec 3, 2014 at 1:33 PM, Guido Witmond <guido at witmond.nl>
>>> - sign client certificates;
> Aside from the user experience, client SSL certificates are also bad
> for the user from a privacy point of view. They uniquely identify the
> user to a passive network adversary which leaks a lot of information
> about the user's location and habits. Authenticating the user at the
> application layer once a secure connection has been established
> avoids this problem.
There is no need to authenticate at the application level. There are two
2. TLS renegotiation. First a secure session gets established. The
client's user agent verifies the authenticity of the server. Clients are
anonymous. When the server indicates it need client authenticate, they
start a TLS-renegotiation (over the secure link) so adversaries won't
learn any identities, just IP-addresses. (see point 1).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the cryptography