Phillip Hallam-Baker wrote: > Going back to this thread because nobody seems to have addressed the > real issue - usability.
And no one addressed another real issue: Bad software quality - especially regarding error handling. If something goes wrong at TLS level (maybe with or without client certs) you cannot simply reset its TLS state. You have to restart the browser. This is only one minor detail why client certs are not used. Ciao, Michael. (currently playing around again with a PKI product which uses client certs and crypto token) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy