Collective answer to Jean-Marc and Michael.
Green messaging :-)
Before going too deep into this you should be aware of the
fact that Microsoft's recently introduced Information Card
scheme also when using a local X.509 certificate to authenticate
to the IdP does not specify TLS-client-cert-auth
On Thu, Aug 28, 2008 at 11:59 PM, Anders Rundgren
[EMAIL PROTECTED] wrote:
Collective answer to Jean-Marc and Michael.
Green messaging :-)
Before going too deep into this you should be aware of the
fact that Microsoft's recently introduced Information Card
scheme also when using a local
Anders Rundgren wrote:
it matches poorly with web sessions including logout
Why should it match application sessions? Because the web application
developers are too dumb to get the session handling right for
themselves? Because the logout does not behave like they are
used with passwords?
, 2008 16:54
Subject: Re: TLS-client-cert-auth in .SE
Anders Rundgren wrote:
it matches poorly with web sessions including logout
Why should it match application sessions? Because the web application
developers are too dumb to get the session handling right for
themselves? Because the logout
Anders Rundgren wrote:
Michael Ströder [EMAIL PROTECTED] wrote
I fail to see how this could be improved by new shiny XML-based protocol
but cannot be improved with the existing protocols (like TLS).
Because the people that work with new shiny XML-based
security protocols are often more
This is probably due to the fact that these efforts are not based on what
the US government needs but what the Internet community needs.
I fail to see who exactly the Internet community is. Maybe that's the
reason I don't understand the problem.
I don't claim to be the definer of this term so
Anders Rundgren wrote:
Today I was in a meeting with Swedish bank-people. They
told me that they are planning exodus from TLS-client-cert-auth
because it (in their opinion) works really badly. The banks will
replace TLS-client-cert-auth with a proprietary auth client that
is very similar to
Anders Rundgren wrote:
Today I was in a meeting with Swedish bank-people. They
told me that they are planning exodus from TLS-client-cert-auth
because it (in their opinion) works really badly.
Well, most times I don't count bank-people as IT security experts.
So what's the problem with
Jean-Marc Desperrier wrote:
- it matches poorly with web sessions including logout
- the GUI looks like c--p
- it offers no branding capability
I think the problem is almost exactly the same as the one that has
caused form/cookie based authentication to replace Basic Authentication.
Not
Michael Ströder wrote:
Anders Rundgren wrote:
Today I was in a meeting with Swedish bank-people. They
told me that they are planning exodus from TLS-client-cert-auth
because it (in their opinion) works really badly.
Well, most times I don't count bank-people as IT security experts.