I don't believe that client certificates in PCs will ever become mainstream since credential mobility and distribution issues have proved to be insurmountable; not technically but politically.
However, in mobile phones at least the mobility issue is solved (phone=token) which is also the reason why useful distribution schemes will start there as well. Since phones also have limited screen resources, PKI GUI improvement is also called for. Certificates will most likely be represented as cards through an image that either is embedded in the certificate (PKIX) or be supplied as a separate attribute during provisioning (KeyGen2). Will this one day reach the PC? No, you will still use the phone as the token (and token selector/executor) while the PC crypto will be bypassed. NFC does the connection together with Wi-Fi. Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
