On 14/09/2010 12:29, Ian G wrote:
> On 14/09/10 2:26 PM, Marsh Ray wrote:
>> On 09/13/2010 07:24 PM, Ian G wrote:
>
>>> 1. In your initial account creation / login, trigger a creation of a
>>> client certificate in the browser.
>>
>> There may be a way to get a browser to generate a cert or CSR, but I
>> don't know it. But you can simply generate it at the server side.
>
> Just to be frank here, I'm also not sure what the implementation details
> are here. I somewhat avoided implementation until it becomes useful.

FWIW, you can get browsers to generate CSRs and eat the resulting certs. The actual UIs vary from appalling to terrible.

Of some interest to me is the approach I saw recently (confusingly named WebID) of a pure Javascript implementation (yes, TLS in JS, apparently), allowing UI to be completely controlled by the issuer. Ultimately this approach seems too risky for real use, but it could be used to prototype UI, perhaps finally leading to something usable in browsers.

Slide deck here: http://payswarm.com/slides/webid/#(1) (note, videos use flash, I think, so probably won't work for anyone with their eye on the ball).

Demo here: https://webid.digitalbazaar.com/manage/

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com