[Cryptography] Client certificates as a defense against MITM attacks

Hanno Böck hanno at hboeck.de
Sun Mar 16 14:51:11 EDT 2014


On Sun, 16 Mar 2014 09:56:33 -0400
Jerry Leichter <leichter at lrw.com> wrote:

> Am I missing something obvious here?

Yes. We had this technology for ages and nobody is using it.

The problem is: Users don't use a single browser. And transferring
certs from one browser to another is hard in a user-friendly and secure
way. Just think of internet cafes or people using random foreign
computers to log into their webmail. (That's a security nightmare on
its own without any relation to TLS, but that's the way it is.)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42