I was about to say signing client keys with a master key was a good idea. It would remove the need for a cloud sync as once set up, the browsers would inherit the access from the master key without the need for synchronization.
Then, yes, re-use would allow for tracking across websites. So maybe not such a great idea. Maybe the compromise is not a cert per service, but a cert per identity (in the loosest possible sense of the word). Maybe your social media accounts where you are you are under one, and your reddit and slashdot accounts under another, etc. If it's possible to have the keys available on the devices you need without having anything on a server not controlled by the owner of the keys, that is the best case scenario, but if new identities are created "at runtime" (i.e. after the inital setup of the device) then those keys need to find their way into the other devices. With a smartcard, this is as easy as plugging the smartcard into the device you're using, but - another thought - would probably mean requiring multiple smartcards as I am logged into my email on about 4 different devices at a time. I'm not sure with TLS client authentication if it just tries all the personal keys it has or if the server advertises which keys would be accepted. I'm guessing it'll be the former so even if there is one key per service, the other certs would still become known to the server when authentication using them is attempted? Iain. -- Iain R. Learmonth MBCS Electronics Research Group School of Engineering University of Aberdeen Kings College Aberdeen AB24 3UE Tel: +44 1224 27 2799 The University of Aberdeen is a charity registered in Scotland No.SCO13683 ________________________________________ From: Ben Laurie <[email protected]> Sent: 13 November 2013 14:47 To: Learmonth, Iain Ross Cc: Robin Wilton; perpass Subject: Re: [perpass] Stopping password sniffing On 13 November 2013 13:26, Learmonth, Iain Ross <[email protected]> wrote: > Another another thought - Is it a good idea to use multiple certs for > different services or just one for all? Reuse shouldn't be a problem here but > there may be cases I'm not thinking of. It would probably be a good idea to > allow for switching "profiles" which would use a different cert store (in > case of multiple accounts on one service provider). The problem with re-use is that it introduces a pretty big privacy problem. So, I'd say a cert per service. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
