[FoRK] DNT: another example of "you can't make this shit up"

Stephen Williams sdw at lig.net
Mon Oct 15 10:43:04 PDT 2012


On 10/15/12 10:28 AM, Gregory Alan Bolcer wrote:
> Or if browsers would work correctly with mutual-auth client side certificates, we could mash up all the 
> user/session/path/domain/provisions/whatever into the certificate and put any length of timeouts on them combined with a 
> clever way to automagically regenerate and repopulate them invisibly during any session or access.

What doesn't work correctly with client-side certificates?
I've used both soft and hard certificates with browsers, SSH, etc. Other than the proprietary driver fiasco for hard certificate 
access, it works.  Except for the problems with PKI itself.

>
> Gawd, that would be really cool.
>
> Greg
>
> On 10/15/2012 10:25 AM, Damien Morton wrote:
>> On Thu, Oct 11, 2012 at 5:41 PM, Stephen D. Williams <sdw at lig.net> wrote:
>>
>>>
>>> We need something like cookies, at least some of the time.
>>
>>
>> Oh yeah - when do "we" need cookies?
>>
>> What does a user do with a cookie? Nothing, they don't even see them.
>>
>> If you have a way of presenting something like a BrowserID - a crypto
>> mashup of username/password/domain - any state can be stored server-side 

sdw



More information about the FoRK mailing list