If we get away from garbage like Mozilla's <keygen>, PKI-based client-authentication becomes a natural feature for mobile devices. This in itself renders attacks on the SSL server PKI much less useful.
If you add to that an optional X.509 extension holding a dedicated trust list, the client won't even allow you to log in to the fake site.

Anders
