On Mon, Aug 10, 2009 at 6:35 PM, Peter Gutmann<pgut...@cs.auckland.ac.nz> wrote: > More generally, I can't see that implementing client-side certs gives you much > of anything in return for the massive amount of effort required because the > problem is a lack of server auth, not of client auth. If I'm a phisher then I > set up my bogus web site, get the user's certificate-based client auth > message, throw it away, and report successful auth to the client. The browser > then displays some sort of indicator that the high-security certificate auth > was successful, and the user can feel more confident than usual in entering > their credit card details. All you're doing is building even more substrate > for phishing attacks. > > Without simultaneous mutual auth, which -SRP/-PSK provide but PKI doesn't, > you're not getting any improvement, and potentially just making things worse > by giving users a false sense of security.
I certainly agree that if the problem you are trying to solve is server authentication, then client certs don't get you very far. I find it hard to feel very surprised by this conclusion. If the problem you are trying to solve is client authentication then client certs have some obvious value. That said, I do tend to agree that mutual auth is also a good avenue to pursue, and the UI you describe fits right in with Chrome's UI in other areas. Perhaps I'll give it a try. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com