Thanks Robert, I think this motivates me to continue with the WebAuth standards proposal which, unlike TLS client certificate authentication, builds on web session state which works better for users, browser implementers, and web-service developers. It doesn't come as a surprise that Microsoft shelved TLS client certificate authentication for CardSpace in favor of an application-level authentication protocol.

Anders

----- Original Message -----
From: "Robert Relyea" <[EMAIL PROTECTED]>
To: "Anders Rundgren" <[EMAIL PROTECTED]>
Cc: <dev-tech-crypto@lists.mozilla.org>
Sent: Tuesday, April 01, 2008 22:39
Subject: Re: Erratic SSL client-cert-auth in FireFox

Anders Rundgren wrote:
> on the URL http://demo.webpki.org/mozkeygen
> you can get yourself a certificate by clicking a single button.
>
> What is a bit hard to understand is why the test-service at
> https://www.apache-ssl.org/cgi/cert-export
> often (but not always!) asks the user multiple times to OK the
> certificate selection dialog. In IE I get a consistent one invocation
> with similar certificates.
>
Sigh, this change was a result of the bug: bug 295922
https://bugzilla.mozilla.org/show_bug.cgi?id=295922
> I note a difference in TLS parameters for IE and FF.
>
> Is this maybe related to some negotiation issues? Is the server
> wrongly configured or is FireFox handling this incorrectly? I
> haven't touched any settings in FireFox.
>
> Anders
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>