Hacker News
by GuidoW 3493 days ago
I've designed this protocol [1] to make client certs work easily for end users.

Signing up at a site is just requesting a client cert at the site's private CA.

It requires a user agent (a browser plugin) on the client side. The agent keeps check of which certificates belong to what sites so it actively blocks MitM attacks.

Granted, if you need to share your certificates, you'd have to copy them over. For that, use the sync-feature of your browser or design something better. But synching is a separate concern, independent of the authentication protocol.

[1] http://eccentric-authentication.org/