Thanks Bob,
On 10/05/2009 07:39 PM, Robert Relyea:
FF does not just resend the same certificate unless you have 'Select
Automatically' turned on.
This is the default settings.
I don't think anyone is doubting that both FF and IE have some problems
with the way they handle client auth. Most of these problems can be
worked around on the server (use request, not require, through an error
page if the cert you wanted wasn't the cert you got).
I know, we however prefer a hard require for some reasons. Obviously
what you suggested is only a work-around for a relative broken UI :S
The current problems we have in the browsers are: 1) EI never let's go a
certificate decision for a website unless you restart, go go to the
magic page which clears all of the EI cert decisions, and 2) Firefox
never remembers the certificate you selected, so your only choices are
to have firefox silently always select a certificate, or always prompt
the user on each renegotiation (which is painful for many servers which
seem to always drop the session).
I think the later was "fixed" in Firefox by creating the "remember" flag
and set it by default on. it created obviously another problem now.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
