[Moderator's note: top posting considered harmful:
http://www.mail-archive.com/cryptography@metzdowd.com/msg09287.html
--Perry]
Just to complicate things a little... we're working with a number of
groups now who are using onlineCAs that issue short-lived x509 certs
derived from a primary authN mechanism like passwords or OTP.
It would be great to bake that functionality into chrome: use
TLS-SRP/PSK to authN to an onlineCA to obtain your short-lived cert
in real-time.
-Frank.
On Aug 6, 2009, at 5:49 AM, Peter Gutmann wrote:
Ben Laurie <b...@google.com> writes:
So, I've heard many complaints over the years about how the UI for
client certificates sucks. Now's your chance to fix that problem -
we're in the process of thinking about new client cert UI for Chrome,
and welcome any input you might have. Obviously fully-baked proposals
are more likely to get attention than vague suggestions.
This is predicated on the assumption that it's possible to make certificates
usable for general users. All the empirical evidence we have to date seems to
point to this not being the case. Wouldn't it be better to say "What can we
do to replace certificates with something that works?", for example TLS-SRP
or TLS-PSK?
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
---
Frank Siebenlist - fra...@mcs.anl.gov
The Globus Alliance | Argonne National Laboratory | University of Chicago