Peter Gutmann wrote:
> This is predicated on the assumption that it's
> possible to make certificates usable for general
> users.  All the empirical evidence we have to date
> seems to point to this not being the case.  Wouldn't
> it be better to say "What can we do to replace
> certificates with something that works?", for example

For password-authenticated key agreement such as TLS-SRP
or TLS-PSK to work, login has to be in the chrome.

Of course, for certificate distribution to work, we also
need password-authenticated key agreement in the chrome,
for in practice, certificates are distributed via
username and password based logins, making their use
case necessarily small.  No matter what we do with
certificates, we have to fix username and password based
logins first.

