[Cryptography] On the deployment of client-side certs

John Gilmore gnu at toad.com
Wed Nov 16 03:32:33 EST 2016

> "example.com wants to see your identity, OK or Cancel?"

The whole concept that the user has "an identity" that is somehow
relevant to every website, is part of the problem.

Using the same identity or cert with every website is like using the
same username and password with every website -- a very bad idea for
security and privacy.


More information about the cryptography mailing list