On 10/05/2009 11:38 AM, Eddy Nigg wrote:
> Thanks Bob,
>
> On 10/05/2009 07:39 PM, Robert Relyea:
>> FF does not just resend the same certificate unless you have 'Select
>> Automatically' turned on.
>>
>
> This is the default setting.

Hasn't been for over a year now... https://bugzilla.mozilla.org/show_bug.cgi?id=295922

>
>> I don't think anyone is doubting that both FF and IE have some problems
>> with the way they handle client auth. Most of these problems can be
>> worked around on the server (use request, not require, throw an error
>> page if the cert you wanted wasn't the cert you got).
>>
> I know, we however prefer a hard require for some reasons. Obviously
> what you suggested is only a work-around for a relatively broken UI :S

It's not an unreasonable workaround, and probably your best choice if you need to work with a broad range of clients. While we need to fix the clients, for the web servers, they need a solution they can use now with reasonable semantics.

>
>> The current problems we have in the browsers are: 1) IE never lets go of a
>> certificate decision for a website unless you restart, or go to the
>> magic page which clears all of the IE cert decisions, and 2) Firefox
>> never remembers the certificate you selected, so your only choices are
>> to have Firefox silently always select a certificate, or always prompt
>> the user on each renegotiation (which is painful for many servers which
>> seem to always drop the session).
>>
>
> I think the latter was "fixed" in Firefox by creating the "remember"
> flag and setting it on by default. It obviously created another problem now.

You're right. Now it's as bad as Microsoft, except Microsoft at least has a button to 'forget'. Fortunately, I don't believe this is the final word on the matter. :)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
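
The server-side workaround mentioned in the thread above (request the client certificate rather than require it, then serve an error page when the certificate received is not the one wanted), sketched with Python's standard `ssl` module as an added example that is not part of the original messages. The function names, the CA name "Example Client CA", the subject names and the `ca_file` parameter are assumptions made for illustration.

```python
import ssl

def make_server_context(ca_file=None):
    """Server context that requests, but does not require, a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # CERT_OPTIONAL is "request": the handshake completes when no client cert
    # is sent, but a cert that is sent must still chain to a trusted CA.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    if ca_file:  # hypothetical path to the client-CA bundle
        ctx.load_verify_locations(cafile=ca_file)
    return ctx

def common_name(name):
    """Return the commonName from a getpeercert()-style name tuple, or None."""
    for rdn in name or ():
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize(peer_cert, wanted_issuer_cn, allowed_subjects):
    """Application-layer decision. peer_cert is what SSLSocket.getpeercert()
    returns: None when the client sent no certificate at all."""
    if not peer_cert:
        return 403, "No client certificate was presented. Select one and retry."
    issuer = common_name(peer_cert.get("issuer"))
    subject = common_name(peer_cert.get("subject"))
    if issuer != wanted_issuer_cn or subject not in allowed_subjects:
        # The "cert you got wasn't the cert you wanted" case: answer with an
        # explanatory page instead of an opaque handshake failure.
        return 403, ("A different certificate than the one this site needs was "
                     f"sent (subject={subject!r}, issuer={issuer!r}).")
    return 200, f"Welcome, {subject}"

# Constructed sample data in the shape getpeercert() returns.
WANTED = {"subject": ((("commonName", "alice"),),),
          "issuer": ((("commonName", "Example Client CA"),),)}
OTHER = {"subject": ((("commonName", "alice-email-signing"),),),
         "issuer": ((("commonName", "Example Client CA"),),)}

if __name__ == "__main__":
    for cert in (WANTED, OTHER, None):
        print(authorize(cert, "Example Client CA", {"alice"}))
```

With a hard require (`ssl.CERT_REQUIRED`), the no-certificate case never reaches `authorize`; the handshake fails first and the user sees no explanation.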