On Tue, Sep 14, 2010 at 13:29, Ian G <[email protected]> wrote: > On 14/09/10 2:26 PM, Marsh Ray wrote: >> >> On 09/13/2010 07:24 PM, Ian G wrote: > >>> 1. In your initial account creation / login, trigger a creation of a >>> client certificate in the browser. >> >> There may be a way to get a browser to generate a cert or CSR, but I >> don't know it. But you can simply generate it at the server side. > > Just to be frank here, I'm also not sure what the implementation details are > here. I somewhat avoided implementation until it becomes useful.
The French government has been doing this using Java applets for the last decade (at least). This allows the happy French tax payers to generate their own CSRs and have them automatically signed by the tax administration in one swoop. This might be the only large scale deployment of client-side certificates in browsers I know of. (And I'd certainly like to hear about others.) -- Erwan Legrand --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
