[Cryptography] Client certificates as a defense against MITM attacks

Viktor Dukhovni cryptography at dukhovni.org
Sun Mar 16 19:45:18 EDT 2014

On Sun, Mar 16, 2014 at 07:51:11PM +0100, Hanno B?ck wrote:

> The problem is: Users don't use a single browser. And transferring
> certs from one browser to another is hard in a user-friendly and secure
> way.

One potential approach is for the server to store the client PKCS12
bundle encrypted with a strong user password unknown to the server.
The client sends a message with the bundle id and the server returns
the bundle to the client, which the client decrypts...

This is actually more robust than shared secret schemes, because
the the shared secret is asymmetric, the server just solves the
multi-device storage problem for the client.


More information about the cryptography mailing list