Re: [TLS] HTTPS client-certificate-authentication in browsers

Anders Rundgren <> Mon, 25 July 2011 13:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E5F8C21F8B0C for <>; Mon, 25 Jul 2011 06:38:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.425
X-Spam-Status: No, score=-3.425 tagged_above=-999 required=5 tests=[AWL=-0.141, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_MILLIONSOF=0.315]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Nb1RfIRxicDM for <>; Mon, 25 Jul 2011 06:38:47 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B81C821F8B15 for <>; Mon, 25 Jul 2011 06:38:46 -0700 (PDT)
Received: from [] ( by (8.5.133) (authenticated as u36408181) id 4DEDBD7B00DAF446; Mon, 25 Jul 2011 15:38:45 +0200
Message-ID: <>
Date: Mon, 25 Jul 2011 15:38:35 +0200
From: Anders Rundgren <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Henry Story <>
References: <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] HTTPS client-certificate-authentication in browsers
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 Jul 2011 13:38:48 -0000

On 2011-07-25 15:05, Henry Story wrote:

>> If there had been a *single* mainstream service of US origin who used
>> HTTPS CCA this would be fixed in record time.
> What about the army? They are pretty big in the US, representing a huge portion
> of the budget I believe.

Yes, but the army has IT-staff that takes care of "issues", consumers
do not.  The army is also much less fuzzy about inconvenience.

>> The tenths of millions of users of "homegrown" PKI authentication schemes
>> in the EU and Asia apparently don't think HTTPS CCA is particularly useful,
>> neither do I.  

> I believe that is only because of the naming problem. Distinguished Names of companies
> don't scale to the world.

There are actually several other problems that are much worse.
On my wife's firefox the bank have deployed two certs and
both of the show up when she is going to login.  If she
takes the one marked "non-repudiation" you get a security
error that only experts understand.

>> TLS' session context is incompatible with web sessions.

> Why?  A TLS Session can work very well with web sessions. You can 
> just make your TLS session be a web session.

AFAIK HttpSession.invalidate in Tomcat/JBoss has no effect whatsoever
on a TLS session.

>> For our mutual interest, PKI for consumers, it doesn't really matter what
>> the end-solution will be, but an educated guess is that will not build
>> on HTTPS CCA, but on HTTPS with + an application.  This is BTW pretty
>> much what has happened with HTTP auth versus form-based auth.
> yes, but there is no argument for why this is the case. And you don't 
> even consider

WebID isn't diminished by this.  It just gets better :-)

>> Fortunately this can be introduced without redeploying PKI so it is a
>> true "migration solution".

> IT's odd that people want to move away from something that is close to working.
> I wonder why... What is the agenda?

They have given up on this.
"Close to working" isn't good enough.


>     Henry
>> Anders
>>> Henry
>>> On 25 Jul 2011, at 14:06, Anders Rundgren wrote:
>>>> Hi Guys,
>>>> I don't really know who "owns" this question but presumably you do...
>>>> HTTPS client-certificate-authentication in browsers
>>>> ===================================================
>>>> I don't believe that TLS CCA (Client Certificate Authentication) in the
>>>> form of HTTPS as implemented in current browsers has much of a future.
>>>> In fact, quite a bunch of the entities in the EU working with consumer PKI
>>>> have replaced HTTPS CCA with an application level scheme which wasn't such
>>>> a big deal since they anyway were forced writing a browser PKI client more
>>>> or less from scratch since the ones shipped with browsers doesn't support
>>>> PKI as defined by banks and government (like mandatory PIN codes also
>>>> for on-line enrolled keys).
>>>> That the TLS CCA protocol doesn't even support "Logout" haven't made
>>>> it a logical choice for web developers either.  Well, there are some
>>>> workarounds but they are by no means straightforward, supported
>>>> out-of-the-box by server authentication schemes, and are (of course)
>>>> entirely undocumented.
>>>> The button "Clear SSL state" in MSIE is an indication how horribly bad it
>>>> can go when security experts design systems for "people".
>>>> There's no way you can hide the fact that TLS CCA is only truly useful
>>>> securing tunnels between "boxes".
>>>> Anders
>>>> _______________________________________________
>>>> TLS mailing list
>>> Social Web Architect
> Social Web Architect