[FoRK] DNT: another example of "you can't make this shit up"

Gregory Alan Bolcer greg at bolcer.org
Wed Oct 17 07:01:16 PDT 2012

They aren't contradictory.  There exist browser certificate stores. 
They are only used in one type of use case.  I want to use them in a 
different use case that's slightly different.  That doesn't make it 
contradictory or wrong, it just means I have different requirements.

I don't want to {predict,identify,authenticate} a particular transaction, 
I want to tie multiple transactions together gracefully.

Cookies get blocked, cleaned out, etc.  If you wanted to use cookies, 
and there's plenty of downside to doing so, an encrypted cookie stored 
in an HTML5 store would work in most cases.  In my case, there's no 
software on the server side that needs to run other than the 
installation of the SSL cert and automated resource configuration.  In 
fact, to do resource-by-resource controls with cookies, you'd have a 
huge, static mess on your hands.

It's a better way of doing it that only requires browser cert handling 
to do what it originally was supposed to do and not be at the mercy of 
current browsers' incomplete implementations.


On 10/16/2012 7:54 PM, Stephen D. Williams wrote:
> That doesn't hold together.  0 & 2 are contradictory.  3 is by design
> because the cert store isn't designed to be used that way.  1 seems at
> odds with A) using certificates B) some of what you said before.  It
> sounds like you are wanting to use public keys (otherwise, why a cert
> and not a cookie?) to protect & authenticate (security) a particular
> transaction (identity). Identity is not limited to identity of a person,
> it can be any kind of entity including a transaction / payment.

greg at bolcer.org, http://bolcer.org, c: +1.714.928.5476
