Hi Gerv,

The top ones that quickly come to mind are things like:-

You can encrypt communications if you have a public/private key pair 
You can digitally sign (with the full support of digital signature laws)
Through federation you can use your ID in multiple places

I agree that it would be great for all members of the ecosystem to work
together to improve some of the issues you say are disadvantages, but I do
disagree with one of your items.  A digital certificate has an end date.  A
secure key has a battery with no specific end date so one definitely has no
warning capability.

Thanks

Steve

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> [email protected]] On Behalf Of
> Gervase Markham
> Sent: 25 September 2014 13:29
> To: [email protected]
> Subject: Client certs
> 
> A question which occurred to me, and I thought I'd put before an audience
> of the wise:
> 
> * What advantages, if any, do client certs have over number-sequence
>   widgets such as e.g. the HSBC Secure Key, used with SSL?
> 
> http://www.hsbc.co.uk/1/2/customer-support/online-banking-security/secure-key
> 
> It seems like they have numerous disadvantages (some subjective):
> 
> * Client certs can be invisibly stolen if a machine is compromised
> * Client certs are harder to manage and reason about for an average
>   person
> * Client certs generally expire and need replacing, with no warning
> * Client certs are either single-machine, or need a probably-complex
>   copying process
> 
> What are the advantages?
> 
> Gerv
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

Attachment: smime.p7s
Description: S/MIME cryptographic signature
