Re: client certificates unusable?

Sat, 21 Mar 2009 12:32:32 -0700 

On 21/3/09 16:54, Eddy Nigg wrote:


Huu? No outcry about rudeness in mailing lists here?




Eddy, I agree that rudeness was carrying us away from the problem and on 
to the personalities.  Indeed, it's up to all of us to be be minded of 
this.  For reasons that are too wordy to be worth the bytes, I didn't do 
it, so thanks!





Now, to the problem.  It seems that we have a consensus that client 
certificates (in a client authentication role at least) are unusable 
with the current system.  Approximately, for many reasons.



And, the way forward is more UI support [1], as suggested by Johnathan. 
 Specifically, to me at least, it seems that it would look like this:



a. For every request for a client-cert, there would be a request from 
low-level code to intermediate-level code for a key/certificate.



b. In the intermediate layer, that request would be matched against a 
list of pre-established tuples like {domain name, certificate, action, 
status}.



c.  If the typle isn't found (which means the domain name wasn't 
indexed) then the intermediate level code would pass the request up to 
the higher-layer code to ask the user (pop-up?) :


    * which certificate to use (if more than one available)
    * whether to accept this choice:
      + once
      + for minutes (say 30 minutes, but configurable)
      + for now (in memory, not saved to disk) [2]
      + forever (save tuple to disk).
    * whether to display the client identity in use


d. The intermediate layer returns the key/cert to be used via either 
tuple matching or via user interface.  Then, once the tuple is 
set/saved, we have a good chance of transparent session restart.


How does that sound?



iang


[1] Yes, we noted that servers may be misconfigured.  But, waiting for 
the servers to be properly configured looks implausible, we might be 
waiting for a long time, and even then we won't have solved the full 
problem.  It seems fairly clear that clients will *always* have to deal 
with it, regardless.



[2] For my money, I want the "for now" option because I want to be 
re-asked in a few days of what's going on ... and be forced to rethink 
whether I want a long term relationship here or not.  I don't want the 
browser to store any relationship in any permanent store until I tell 
it.  That's just me...

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto





























					Reply via email to