Let's see.

Difficulties: Everything.
Management of expired certificates, both your own and others'.
Management of revoked certificates, both your own and others'.
Management of keys.
Management of certificate requests.
Management of multiple certificates with differing Subjects, on a browser you use for multiple purposes.

Servers: I've yet to see any way to rekey or even recertify an Apache httpd process without requiring a shutdown/restart (graceful, certainly, but not good for high availability).

Clients: What uses them? What software uses it, either as a TLS authentication or an S/MIME mechanism? What communities use it?

Y'know, I first started getting involved with creating an SSLeay CA, for my organization, in 1997. It's TWELVE YEARS LATER, AND THERE HAS BEEN NO APPRECIABLE IMPROVEMENT IN THE CLIENT CERTIFICATE USER INTERFACE.

My apologies for being appalled at this state of affairs.

-Kyle H

On Thu, Nov 5, 2009 at 9:44 AM, Wes Kussmaul <w...@authentrus.com> wrote:
All,

Let me introduce Barbara Mende. Barbara is producing a guide for users of digital certificates, particularly client certificates, that we hope will be instrumental in getting them more widely adopted.

Currently Barbara is collecting information about "certificate gotchas," difficulties experienced by users in the creation, installation and use of digital certificates, and the workarounds and solutions to the problems.

If you have ideas, information or sources of information that would be useful to Barbara in this effort, please send them to her at bme...@reliableid.com. She is also on this list, if the subject is worthy of discussion here.

Wes Kussmaul
Reliable Identities

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto