On 03/22/2009 12:26 AM, Ian G:
Right, the problem perhaps is better expressed that some of these
comments *aren't written with emoticons at the end* so it is not easy
for those from diverse cultures to figure out the joke. Oh, and I
save my stuff for those that appreciate fine red wine ;-)
Ahhhh, at last you are talking, men! :-)
I could offer you also a fine collection, but I'm on duty right now, so
we have to do that later...
I agree that unusable is strong, even debatable.
I suspect those who have got it working have either clicked on the
button that says "present always", or they are working in a strict
corporate or government environment where local solutions can develop
(which Nelson pointed to). Or perhaps it is OpenId and the answer is
we must all adopt that?
No, nothing of the above (except that Firefox is now configured to
always ask). But why don't you check it out yourself? I guess you don't
need the specific URL from me to find the site I'm talking about ;-)
OpenID and client certs are a great combination. You can test it at the
various StartSSL sites (they authenticate via OpenID to each other).
Either way, it seems as though all those caveats have problems:
Clicking the button cannot be recommended because it is a privacy risk.
??? Except if you intend to do that, don't you? The issue was previously
when a server asked for a cert and was willing to accept any cert and
the browser just sent one over without notifying the user...this has
been fixed by now...
Corporate/ government is fine, but that's not Mozilla, that's
Microsoft; wrong list, sorry. OpenID? What's that, and what's wrong
with client certs *as client certs*? Etc etc.
I'm willing to make an introduction, but this is the wrong list too...
Good. Er, are you saying we should just let him get on with it,
without discussion here? If we're all cool with that, that's fine by
me, we can take it offline ;-)
I think that once he is ready we should voice our opinion. So far he has
produced some nice things IMO and I'm very interested to see what he's
up to...besides that he's listening here too...
Super. Point me to it. Where in my UI do I get it to work "mostly
well" ... as you say, it must be there, I just need the way to find it?
I am certainly missing this. Please, tell us where it is? How do I
set the "use cert X with site Y always" feature?
Mmmhh, I don't want that feature (for myself) since I have to use
different certs for different rules and tasks on the same sites
sometimes...but in order to get a good feeling, why don't you heed my
advice and check it out? Perhaps you'll see a good thing or two on the
way ;-)
*I* don't have the servers, and therefore I can only follow Nelson's
advice and complain. Guess what, they ignore the complaints, coz it
works for them. Also, I want a solution for all of Mozilla's 150m
users, not yet another hate campaign against the server people, who
haven't forgiven me for the last one. Some advice on application
programming ... lol, gee, if that worked we wouldn't be where we are
now: 99% dependent on the good old password.
Lets go step by step...tell me if what I have to offer works for you and
then lets talk...(perhaps also off-list)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
