Today I was in a meeting with Swedish bank-people. They told me that they are planning exodus from TLS-client-cert-auth because it (in their opinion) works really bad. The banks will replace TLS-client-cert-auth with a proprietary auth client that is very similar to their current signature client.
Although the addition of a proprietary auth software is somewhat sad, it doesn't really matter since the signature client anyway is unique (must be since there is no standard for this). So what's the problem with TLS-client-cert-auth? Maybe because - it matches poorly with web sessions including logout - the GUI look like c--p - it offers no branding capability - it require PIN caching for smart cards - it is poorly implemented in many browsers with respect to path building - it offers very limited filtering capability Anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto