Re: [TLS] HTTPS client-certificate-authentication in browsers

Anders Rundgren <anders.rundgren@telia.com> Mon, 25 July 2011 16:11 UTC

Return-Path: <anders.rundgren@telia.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 911FD11E80A4 for <tls@ietfa.amsl.com>; Mon, 25 Jul 2011 09:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.575
X-Spam-Level:
X-Spam-Status: No, score=-3.575 tagged_above=-999 required=5 tests=[AWL=0.024, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qMFQuAz8Cpdq for <tls@ietfa.amsl.com>; Mon, 25 Jul 2011 09:11:18 -0700 (PDT)
Received: from smtp-out11.han.skanova.net (smtp-out11.han.skanova.net [195.67.226.200]) by ietfa.amsl.com (Postfix) with ESMTP id BED2521F8C30 for <tls@ietf.org>; Mon, 25 Jul 2011 07:34:07 -0700 (PDT)
Received: from [192.168.0.202] (81.232.44.37) by smtp-out11.han.skanova.net (8.5.133) (authenticated as u36408181) id 4D6512CA034B6E85; Mon, 25 Jul 2011 16:34:00 +0200
Message-ID: <4E2D7ECD.1040505@telia.com>
Date: Mon, 25 Jul 2011 16:33:49 +0200
From: Anders Rundgren <anders.rundgren@telia.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <4E2D5C63.3000408@telia.com> <4E2D7183.10009@stpeter.im>
In-Reply-To: <4E2D7183.10009@stpeter.im>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] HTTPS client-certificate-authentication in browsers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2011 16:11:20 -0000

On 2011-07-25 15:37, Peter Saint-Andre wrote:
> On 7/25/11 8:06 AM, Anders Rundgren wrote:
>> Hi Guys,
>> I don't really know who "owns" this question but presumably you do...
> 
> I've forwarded your message to the http-auth@ietf.org list because folks
> there might also be interested.
> 
> https://www.ietf.org/mailman/listinfo/http-auth

Thanx Peter,

I'm a bit of a skeptic when it comes to new or extended auth
protocols based on the transport layer, for usage in browsers.
It seems more flexible supplying meta-data at the app-level.

"Web Programmers" do not really understand TLS and that is
also a factor to consider.

I agree that this may be "unclean" but HTTPS CCA has been
neglected, and there are alternatives already in production
that look much "prettier".

There is another issue that is related.  In the EU, web signing
is fairly popular but not supported at all by, for example, Microsoft.

Regards,
Anders