[Cryptography] Client certificates as a defense against MITM attacks

Thierry Moreau thierry.moreau at connotech.com
Mon Mar 17 08:43:59 EDT 2014

On 03/16/14 13:56, Jerry Leichter wrote:
> Am I missing something obvious here?

Maybe you merely (re-)invented the HTML cookie holding the client 
private key.

More or less explicitly, the "first party certification paradigm" seems 
attractive to you: no CA-in-the-loop for server trust in client public keys.

- Thierry Moreau

More information about the cryptography mailing list