by emily37
5216 days ago
It seems that the only type of client cert we're likely to see in wide use on the web in the near future is origin-bound certificates (Google):
http://www.browserauth.net/origin-bound-certificates

The proposal is to automatically generate a self-signed cert for each origin. This gets rid of many of the UI problems: it eliminates the need to choose which cert to send to each site (which also means the user can't be tracked across sites via OBCs, and thus the user doesn't need to grant permission before sending his cert). On the other hand, it doesn't solve the problem of re-authenticating on different machines. It's not proposed as a primary authentication mechanism, but instead as a means of strengthening ordinary HTTP session cookies (http://www.browserauth.net/channel-bound-cookies).
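An added sketch (not part of the comment above and not code from the OBC proposal) of the properties it describes: one automatically generated cert per origin, a session cookie bound to that cert, and the cookie failing on a second machine. Assumptions: the `Browser` class, `SERVER_KEY`, the HMAC-based cookie format and all function names are hypothetical, and random bytes stand in for real self-signed X.509 certificates.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side MAC key


class Browser:
    """Stand-in for one browser profile on one machine."""

    def __init__(self):
        self._certs = {}

    def cert_for(self, origin: str) -> bytes:
        # One automatically generated cert per origin, created on first use.
        # Constructed placeholder: random bytes instead of real X.509 DER.
        if origin not in self._certs:
            self._certs[origin] = secrets.token_bytes(64)
        return self._certs[origin]


def _tag(session_id: str, cert_der: bytes) -> str:
    # Fixed-length fingerprint first, so the MAC input is unambiguous.
    fingerprint = hashlib.sha256(cert_der).digest()
    msg = fingerprint + session_id.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, cert_der: bytes) -> str:
    """Bind the session cookie to the cert seen on this TLS channel."""
    return f"{session_id}.{_tag(session_id, cert_der)}"


def verify_cookie(cookie: str, cert_der: bytes) -> bool:
    """Accept the cookie only on a channel presenting the same cert."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep:
        return False
    expected = _tag(session_id, cert_der)
    return hmac.compare_digest(tag.encode(), expected.encode())


if __name__ == "__main__":
    laptop, desktop = Browser(), Browser()
    origin = "https://shop.example"  # constructed sample origin
    cookie = issue_cookie("sess-42", laptop.cert_for(origin))
    print("same browser:", verify_cookie(cookie, laptop.cert_for(origin)))
    print("other machine:", verify_cookie(cookie, desktop.cert_for(origin)))
    print("same cert on another site:",
          laptop.cert_for(origin) == laptop.cert_for("https://news.example"))
```

A cookie copied off the wire is rejected unless the TLS channel also presents the original cert, which is why the second machine has to authenticate again by some other means.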