[mrsteveman1]

StartSSL has some detractors but I've used them for certain projects for quite a while, including for S/MIME email certificates (with full knowledge of the security implications compared to PGP, of course).

I'll give them some credit though for successfully using client certificates for login purposes. Sure it has some obvious drawbacks (if they only issue you one login keypair, losing it locks you out of your account) and some real benefits. It's interesting to say the least, and impressive to see working too.

I'd like to see that sort of login method offered at least as an option on more websites, even consumer stuff like Gmail and Facebook, but especially other SSL providers, seems like a natural fit.

As a login method it works automatically without any user interruption, every browser seems to support it, even my iPhone, and the enrollment process for securely generating a new key on the users machine and installing their certificate in the browser for them can clearly be 100% automated by the website itself (that's what StartSSL does), so that removes almost all the pain points for even non-technical users.

Oh and it makes automatic website login via smartcards possible too, should you choose to develop an obsession with them like I have :)

/tangent