[144781] in cryptography@c2.net mail archive


Re: Client Certificate UI for Chrome?

daemon@ATHENA.MIT.EDU (Stefan Santesson)
Wed Aug 26 15:46:41 2009

Date: Wed, 26 Aug 2009 16:36:21 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: <cryptography@metzdowd.com>

There is an approach to this that currently is being standardized in the
IETF PKIX group: the certificate image work
(draft-ietf-pkix-certimage-01.txt).

The current draft is available from:
tools.ietf.org/html/draft-ietf-pkix-certimage-01

The technical idea behind this is very simple. Instead of trying to break
our back in an attempt to decode the extremely underspecified attributes in
a certificate, and instead of trying to come up with sensible display labels
for each attribute (instead of CN, C, O, OU and other useless abbreviations
used today), this specification lets the issuer associate a complete
display-ready image of the certificate that contains the essential
information a user would be interested to see.

From a UI perspective, this turns a close to impossible task into a simple
task as the client, given that the issuing CA is trusted, simply displays
this certificate image.

Major certificate issuers (no names) have expressed substantial interest in
issuing certificates with this feature if there are clients that are
interested to make use of them in their UI.

Stefan Santesson
AAA-sec.com



> -----Original Message-----
> From: owner-cryptography@metzdowd.com [mailto:owner-cryptography@metzdowd.com]
> On Behalf Of Ben Laurie
> Sent: Wednesday, August 05, 2009 9:59 AM
> To: Cryptography
> Subject: Client Certificate UI for Chrome?
> 
> So, I've heard many complaints over the years about how the UI for
> client certificates sucks. Now's your chance to fix that problem -
> we're in the process of thinking about new client cert UI for Chrome,
> and welcome any input you might have. Obviously fully-baked proposals
> are more likely to get attention than vague suggestions.
> 
> I imagine I may well hear "what about the UI around server
> certificates?" - fair enough, feel free, and I'll see what I can do.
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

