On 17/3/09 13:45, Johnathan Nightingale wrote:
On 17-Mar-09, at 7:55 AM, Ian G wrote:
<https://bugzilla.mozilla.org/show_bug.cgi?id=295922> Now, this is a

So we seem to have a choice: client certificates are unusable
because they always ask, or they are unusable because they always leak
private info. There is no middle ground.

Starting from a point of basic agreement that client certs need to be a
lot more usable than they currently are, I'll nevertheless point out
that your experience isn't the typical one, here. As you mention in your
footnote, there appears to be some brokenness with your testing server
wrt SSL sessions. The initial client cert auth should be used to
establish an authenticated session, which the server should persist for
some period of time thereafter, making subsequent identifications less
onerous. Nelson has commented on bugs of this ilk before, I hope he's
around for this thread as well.


I think I would agree with the other comments, the gist of which seems to be that the caching time set at the server-side seems to be too overloaded to be useful/reliable for the certificate authority purpose hoped for here.


Having said that...


Yup!

There is some discussion that there should be a "whitelist" management
along the lines of the tuple {site, cert, status}. And some juicy UI
to manage that.

So the next questions are: is whitelisting decided, and how far
advanced are we on that? (Or, is there some alternative?)

I started this reply with "client certs need to be a lot more usable."


Right, this is my hope as well.

This is something I wanted to do for Firefox 3.5 (née Firefox 3.1) but
other obligations kept me from doing much work on that release in the
early "feature planning" stages. It continues to be something I'd like
to improve in Firefox Next, specifically in the areas of:

- Remembering certs used on a particular site for future interactions
- Improving the cert selection dialog so that it can be read by humans
- Reviewing the cert management/installation UI to see if we're really
serving our users' needs there (should every cert pushed be installed
without prompting?)


Right, ok, that sounds like a big improvement.

I think the implicit 4th step there is evangelism, because I think
they're a much more robust identification/authentication technology than
login+pw, or most of login+pw's would-be replacements. But I also think
there's no point evangelizing the current state of affairs, for the
reasons and frustrations you've already outlined. :)


Agreed. Is there a bug we can vote on to improve the probabilities of improving the utility of client certs?

(I'm scratching around trying to figure out a more positive contribution, other than "write the darn code" which we all know isn't an answer.)



iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
