On Tue, Mar 17, 2009 at 4:16 PM, Eddy Nigg <eddy_n...@startcom.org> wrote: > On 03/17/2009 10:42 PM, Kyle Hamilton: >> >> If client certificates aren't evangelized, the brokenness will never >> come to light. If the brokenness never comes to light, it's a huge >> amount of resource investment for absolutely zero gain. >> > > I very much believe that client certificate authentication have potential. > For example at StartCom we made client cert auth a precondition for having > accounts at all at the CA. By solving our own needs we incidentally also > started its promotion obviously. However we had to work around the > brokenness, which in itself isn't useful perhaps either. And I wasn't > successful in getting ANYTHING done in this respect. As of this day Apache > and NSS folks keep blaming the other side. > > But there certainly isn't a situation which requires "huge amount of > resource investment for absolutely zero gain". It requires some resources > for a very obvious gain. Once the "brokenness" gets solved it has even a lot > of potential to become mainstream.
If they keep blaming each other, nobody's going to get anything done. If nothing is done, the sheer amount of investment in client certificate support is wasted. This isn't a situation which requires a huge amount of resource investment for absolutely zero gain, this is a situation which has already had a huge amount of resource investment for very close to zero gain. This needs to be fixed. This needs to be resolved. And the sooner that people at Mozilla (in the Firefox and Thunderbird teams, specifically) start realizing that we are the users of the technology and are bitching about its unusability, and thus that we are the customers that they should be trying to support... the sooner Things Will Get Done. I've even come up with I don't know how many ideas on how to make it better. I can't understand the codebase, so I can't contribute patches -- but "being able to understand the codebase and thus being able to submit patches" seems to be a prerequisite for any idea being taken at all seriously around here. -Kyle H -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
