On 07/28/2013 11:49 PM, Tom Metro wrote:
Elsewhere today there was a thread mentioning StarSSL. They take an interesting approach to site security. They don't use passwords. As part of the process of getting your SSL certificate, they generate a client-side SSL certificate that you install in your browser.
Now I have to trust that my browser will keep that file securely. Steal that file and you are in. It doesn't solve the problem, but shifts it to a little used feature browser that is likely little audited for security and might be full of holes.
-kb _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
