[Cryptography] On the deployment of client-side certs

Christian Huitema huitema at huitema.net
Tue Nov 15 14:38:57 EST 2016

On Monday, November 14, 2016 11:59 PM, Pieter Rogaar wrote:

> In today's threat models, there is also the metadata angle to consider. 


> Client certificates are exchanged before the TLS connection is encrypted. 
> Therefore, any information in the client certificate is sent in the clear. 
> For server-to-server, this may be acceptable, but for regular clients: no. 
> In this sense, client certificates are a definite step back from the 
> web-based authentication to which we have become accustomed.

That could of course be fixed, and client certificates will be sent encrypted in TLS 1.3. But there is still a huge metadata problem. In practice, how many certificates do you believe that a client will manage? Also, do you believe that individual users want to be bothered with pop ups like "example.com wants to see your identity, OK or Cancel?" If the answer are "1" and "No", then client certificates are the ultimate tracking cookie. 

-- Christian Huitema

More information about the cryptography mailing list