On 03/22/2009 12:55 AM, Ian G:
> I don't know about these things, but I recognise that badly configured
> servers are a pain. The servers I have experienced this with are
> Apache. They may be misconfigured, but the sysadmins aren't agreeing at
> the moment, and talking about the sysadmins being "bad" isn't going to
> help; they are no better nor worse than the other ones I've known.
Now I have to disagree strongly with you. Servers must be configured no
matter what. No server comes with a correctly installed server
certificate, for example, nor is a server tuned to serve your specific
content. Servers MUST be configured, otherwise they don't
work... including client cert auth. Incidentally, your sysadmin must
have configured the server in question to request client cert auth,
because NO server asks for client certificates in its default
configuration... so give me a break and kick your sysadmin... (most
likely he doesn't have a clue about what he is doing, but that's another
story I guess)
> And even when the Apache config is "fixed", this is just the
> server-side workaround.
LOL... a misconfigured server will ALWAYS cause you problems... any
misconfigured software will. This is not a workaround; in your
situation it's most likely THE solution.
> This only means I have to hit a pop-up once every day, it doesn't
> solve the fundamental problem: I want to use cert X speaking to
> server Y.
It's the other way around, but I can offer you support for a reasonable
fee to have your server configured accordingly...
>> Do you really imagine that those ideas have not already been
>> considered by the browser folks, many times, long ago?
> Hmmm, well, many questions abound: why wasn't it done? Where was
> this discussed? Why didn't client certs just happen? Why are we
> still using passwords?
Good question... it's because it's so much more convenient and everybody
is doing it... but guess what, some thought leaders and some leading
projects are working on having that changed.
But there is indeed no logic to defending PayPal and your bank with XYZ
measures as long as they use useless user/pass pairs. But at the end of
the day it's all a question of risk assessment and the price you are
willing to pay and that of the insurance. Once that price goes up there
are viable solutions like client certs...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
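Editor's added example (not part of the thread, and not Eddy's or Ian's configuration): the point above that no server requests client certificates by default, and that the "pop-up once a day" comes from how the sysadmin scoped the request, maps to Apache httpd's mod_ssl directives as follows. The hostname, file paths and the /secure/ path prefix are placeholders.

```apache
# Added example, not from the mailing-list thread. Hostname, file paths
# and the /secure/ prefix are placeholder assumptions.

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # The CA(s) whose client certificates will be accepted. Only
    # certificates chaining to these issuers pass verification, and
    # the browser offers the user only certificates from these issuers.
    SSLCACertificateFile  /etc/ssl/certs/trusted-client-cas.pem

    # Default behaviour: mod_ssl never asks the client for a certificate.
    # This is also what you get when the directive is omitted entirely,
    # so a certificate-selection dialog means someone changed it.
    SSLVerifyClient none

    # Request (and insist on) a client certificate only under this path.
    # The browser shows its certificate dialog only when a request hits
    # this location, not for every page on the site.
    <Location /secure/>
        SSLVerifyClient require
        SSLVerifyDepth  2
        # Expose the presented certificate's fields to the application
        # (SSL_CLIENT_S_DN, SSL_CLIENT_CERT, ...) for authorization.
        SSLOptions +StdEnvVars +ExportCertData
    </Location>
</VirtualHost>
```

Setting SSLVerifyClient to "optional" instead of "require" asks for a certificate but lets the request through without one, which is how a site can offer client-cert login as an alternative to passwords rather than a hard requirement. One caveat for the per-location form: because the certificate is requested after the initial handshake, mod_ssl has to renegotiate (or, under TLS 1.3, use post-handshake authentication), and not every client stack supports that; putting the certificate-protected content on its own virtual host with SSLVerifyClient set at vhost level avoids the issue.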