It really does work, but unfortunately the support for them in the common browsers is quirky enough that we have our support fun! I can understand why commercial sites shy away.
I have also been involved in efforts to get U.S. Higher Education to start deploying client certificates. The big problem there is that public key encryption appears to require more than the amount of clue that most computer administrators seem to have, so education is a real problem.
-Jeff
Nomen Nescio wrote:
> Jeffrey I. Schiller writes:
>> Oh, and btw, the form posting URL in my message wasn't even https, it was just http. So all the futzing in the world with https wouldn't help!
> Of course it would help. Have you been following this discussion at all? The idea is to eliminate passwords as being of any value in getting access to PayPal or other ecommerce sites, by replacing them with client certificates. This implies using https or something cryptographically similar.
