On 2014-09-25 14:29, Gervase Markham wrote:
A question which occurred to me, and I thought I'd put before an
audience of the wise:
* What advantages, if any, do client certs have over number-sequence
widgets such as e.g. the HSBC Secure Key, used with SSL?
You seem to be under the impression that client certificates can't be on
a token.
For instance the Belgian government issues national ID cards with a chip
on them that has a authentication and signature certificate on it and
requires a PIN number. They can then be used to log in on the
government website for instance to fill in your taxes. There are other
websites like hospitals that support it too.
But I would agree that client certificates stored on a computer should
probably be avoided for the general public.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
