[Cryptography] Client certificates as a defense against MITM attacks

Hanno Böck hanno at hboeck.de
Sun Mar 16 14:51:11 EDT 2014

On Sun, 16 Mar 2014 09:56:33 -0400
Jerry Leichter <leichter at lrw.com> wrote:

> Am I missing something obvious here?

Yes. We had this technology for ages and nobody is using it.

The problem is: Users don't use a single browser. And transferring
certs from one browser to another is hard in a user-friendly and secure
way. Just think of internet cafes or people using random foreign
computers to log into their webmail. (That's a security nightmare on
its own without any relation to TLS, but that's the way it is.)

Hanno Böck

mail/jabber: hanno at hboeck.de