[Cryptography] Toxic Combination
Guido Witmond
guido at witmond.nl
Fri Dec 5 18:09:14 EST 2014
On 12/05/14 00:46, cryptography-ml at mkern.fastmail.fm wrote:
>> On Wed, Dec 3, 2014 at 1:33 PM, Guido Witmond <guido at witmond.nl>
>> wrote:
>>
>>> - sign client certificates;
>>
>
> Aside from the user experience, client SSL certificates are also bad
> for the user from a privacy point of view. They uniquely identify the
> user to a passive network adversary which leaks a lot of information
> about the user's location and habits. Authenticating the user at the
> application layer once a secure connection has been established
> avoids this problem.
There is no need to authenticate at the application level. There are two
solutions:
1. Tor.
2. TLS renegotiation. First a secure session gets established. The
client's user agent verifies the authenticity of the server. Clients are
anonymous. When the server indicates it need client authenticate, they
start a TLS-renegotiation (over the secure link) so adversaries won't
learn any identities, just IP-addresses. (see point 1).
Regards, Guido.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141206/0b3525c4/attachment.sig>
More information about the cryptography
mailing list