Hacker News new | ask | show | jobs
by mrsirduke 3582 days ago
We tried using X.509 certificates in Denmark for proving your identity to the state.

It was a complete nightmare unless you understood what public key crypto is, how it works, and how to configure your browser for it.

Don't get me started about having to move your certificate/keys around.

It doesn't work for the masses.
3 comments
technomancy 3582 days ago
There's a world of difference between a well-designed pubkey interface like ssh-agent and what you get in today's browsers.

I don't know how feasible it would be to replace passwords for the general public, but if browser vendors were actually serious about security, they could go a very long way towards making client certs feasible just by giving up on their current strategy of putting their fingers in their ears and pretending it doesn't exist.

link
JorgeGT 3582 days ago
Something similar in Spain, your mandatory ID card is a smart card, and you can also ask for free personal certificates from the Royal Mint. Works really great to do paperwork from home, but only a minority uses it.
link
ashitlerferad 3582 days ago
So when are the browser vendors going to fix their interfaces?
link