[Cryptography] On the deployment of client-side certs
John Gilmore
gnu at toad.com
Wed Nov 16 03:32:33 EST 2016
> "example.com wants to see your identity, OK or Cancel?"
The whole concept that the user has "an identity" that is somehow
relevant to every website, is part of the problem.
Using the same identity or cert with every website is like using the
same username and password with every website -- a very bad idea for
security and privacy.
John
More information about the cryptography
mailing list