[sugar] ssl authentication [was (another) WebKit port of Browse]
cafl at msbit.com
Tue Jul 8 17:31:09 EDT 2008
While you may believe the setup you have in mind is easy and uncomplicated,
the odds are *overwhelmingly*, **super-stunningly** stacked against you to
make PKI work the way you want in production. The fact that TLS client
certs, in particular, have zero commercial end-user deployment uptake,
should tell you something.I cannot recommend more strongly to stay the
bloody hell away from the entire real PKI/X.509/CAs morass. A solution based
on e.g. SSH and key continuity is, while certainly less traditional,
enormously likely to work out better in practice.
This is an assertion, not an argument. It is also factually incorrect.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel