Re: [TLS] HTTPS client-certificate-authentication in browsers

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 26 July 2011 03:17 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: henry.story@bblfish.net, mrex@sap.com
In-Reply-To: <13CDC8F7-572C-43C6-9123-29E291B4132B@bblfish.net>
Message-Id: <E1QlY9F-0000I9-GL@login01.fos.auckland.ac.nz>
Date: Tue, 26 Jul 2011 15:17:33 +1200
Cc: tls@ietf.org
Subject: Re: [TLS] HTTPS client-certificate-authentication in browsers

Henry Story <henry.story@bblfish.net> writes:

>Is there anything we can do to persuade browser vendors to put more energy
>into solving this issue?

A number of HCI people have been trying this for years and years.  After years
of nothing happening, the only answer appears to be "fork the browser and do
it yourself".

Peter.