Re: mobile phone certificates. Re: why client certs

2009-10-16 Thread Anders Rundgren
they only occasionally get their pigs to fly outside the lab... Anders - Original Message - From: "Varga Viktor" To: "mozilla's crypto code discussion list" Sent: Friday, October 16, 2009 14:56 Subject: RE: mobile phone certificates. Re: why client certs > >

RE: mobile phone certificates. Re: why client certs

2009-10-16 Thread Varga Viktor
> > Will this one day reach the PC? No, you will still use the phone as > the token > > (and token selector/executor) while the PC crypto will be bypassed. > NFC > > does the connection together with Wi-Fi. > > > Hmmm! Interesting thoughts. There is a total different approach too: 1. store th

Re: mobile phone certificates. Re: why client certs

2009-10-08 Thread Anders Rundgren
--- Original Message - From: "Martin Paljak" To: "mozilla's crypto code discussion list" Sent: Thursday, October 08, 2009 14:20 Subject: Re: mobile phone certificates. Re: why client certs FYI: Estonia has WPKI, eID keys on SIM cards, a SIM application triggered via OTA

Re: why client certs

2009-10-08 Thread Jean-Marc Desperrier
Ian G wrote:
> Thing is, client certs is one of the few bright spots in security, looking forward. They remove the passwords from the equation. This forces that phisher-attacker into the "real-time MITM" space instead of the "lazy-time MITM space".
No, you're wrong Ian, it's much stronger than

Re: mobile phone certificates. Re: why client certs

2009-10-08 Thread Martin Paljak
FYI: Estonia has WPKI, eID keys on SIM cards, a SIM application triggered via OTA messages. This is often suggested as either an overall replacement or additional method for cases when browser based PKI (SSL+server conf+signature plugins/applets) miserably fails, for whatever reason. Unfortunate

Re: why client certs

2009-10-07 Thread Ian G
On 07/10/2009 22:09, Nelson B Bolyard wrote:
> On 2009-10-07 10:32 PDT, Kyle Hamilton wrote:
>> The problem with this analysis is that I have yet to see any situation where Mozilla's client certificate support meets *anyone's* needs.
> Well, of course, we don't hear from the people for whom it works

Re: mobile phone certificates. Re: why client certs

2009-10-07 Thread Ian G
On 07/10/2009 22:17, Anders Rundgren wrote:
> I don't believe that client certificates in PCs will ever become mainstream since credential mobility and distribution issues have proved to be insurmountable; not technically but politically. However, in mobile phones at least the mobility issue is

Re: why client certs

2009-10-07 Thread Nelson B Bolyard
On 2009-10-07 13:33 PDT, Eddy Nigg wrote:
>> And in the absence of
>> that trust, checking a cert for revocation is pretty tough. :)
>
> Check it out. If the root is trusted and the client cert has an OCSP AIA
> URI it checks.
Given that Firefox trusts NO roots for issuing client certs, Firefox

Re: why client certs

2009-10-07 Thread Eddy Nigg
On 10/07/2009 10:09 PM, Nelson B Bolyard: Kyle, Eddy claims that Firefox checks the user's own local cert for revocation. I claim it does not. I claim that it neither checks the cert for revocation, Did you check? Try OCSP hard fail...I'm not against it at all, just the messages must improv

Re: mobile phone certificates. Re: why client certs

2009-10-07 Thread Eddy Nigg
On 10/07/2009 10:17 PM, Anders Rundgren:
> I don't believe that client certificates in PCs will ever become mainstream since credential mobility and distribution issues have proved to be insurmountable; not technically but politically. However, in mobile phones at least the mobility issue is sol

mobile phone certificates. Re: why client certs

2009-10-07 Thread Anders Rundgren
I don't believe that client certificates in PCs will ever become mainstream since credential mobility and distribution issues have proved to be insurmountable; not technically but politically. However, in mobile phones at least the mobility issue is solved (phone=token) which is also the reason

Re: why client certs

2009-10-07 Thread Nelson B Bolyard
On 2009-10-07 10:32 PDT, Kyle Hamilton wrote:
>
> The problem with this analysis is that I have yet to see any situation
> where Mozilla's client certificate support meets *anyone's* needs.
Well, of course, we don't hear from the people for whom it works. We only hear from those for whom it doe

Re: why client certs

2009-10-07 Thread Kyle Hamilton
On Wed, Oct 7, 2009 at 6:57 AM, Ian G wrote:
> On 07/10/2009 15:46, Anders Rundgren wrote:
>>
>> Ian G wrote:
>>> For Mozilla, which should be interested in end-user security, an
>>> entirely different subject to client-wallet security, this should be
>>> much closer to something interesting.
>>

Re: why client certs

2009-10-07 Thread Anders Rundgren
I was probably unclear; I really meant PKI for external users like on-line banking. Microsoft have privately acknowledged that Java applets have replaced CryptoAPI in many of these applications while Mozilla seems to get hung on such input. probably have less than 2% market for client-side PKI.

Re: why client certs

2009-10-07 Thread Ian G
On 07/10/2009 15:46, Anders Rundgren wrote:
> Ian G wrote:
>> For Mozilla, which should be interested in end-user security, an entirely different subject to client-wallet security, this should be much closer to something interesting.
> It should but it isn't since nobody from Mozilla (unlike Microsof

Re: why client certs

2009-10-07 Thread Ian G
On 07/10/2009 15:27, Gervase Markham wrote: On 06/10/09 12:18, Ian G wrote: It is somewhat of an eternal discussion at the pub as to why this part of the SSL project moved to the "demo" stage and then stopped. I would say that it is because the industrials that were interested in it couldn't see

Re: why client certs

2009-10-07 Thread Anders Rundgren
Ian G wrote:
> For Mozilla, which should be interested in end-user security, an entirely different subject to client-wallet security, this should be much closer to something interesting.
It should but it isn't since nobody from Mozilla (unlike Microsoft), has shown any interest in why government

Re: why client certs

2009-10-07 Thread Gervase Markham
On 06/10/09 12:18, Ian G wrote: It is somewhat of an eternal discussion at the pub as to why this part of the SSL project moved to the "demo" stage and then stopped. I would say that it is because the industrials that were interested in it couldn't see how to monetarise the client cert, so they d

Re: why client certs

2009-10-06 Thread Eddy Nigg
On 10/06/2009 01:18 PM, Ian G:
> Thing is, client certs is one of the few bright spots in security, looking forward. They remove the passwords from the equation.
For once we are on the same page
And for those who can still dream, it opens the way for things like signing of documents ;-)