Why is nobody using SSL client certificates?

Did you know that ever since the days of Netscape Navigator 3.0, there has been a technology that allows you to

  • securely sign on without using passwords
  • use non-annoying two-factor authentication
  • uniquely identify yourself to third-party websites without giving the second party any account information

All of this can be done using SSL client certificates.

You know: Whenever you visit an SSL protected page, what usually happens is that your browser checks the identity of the remote site by checking their certificate. But what also could happen is that the remote site could check your identity using a previously issued certificate.

This is called an SSL client-side certificate.

Sites can make the browser generate a keypair for you. Then they’ll sign your public key using their private key and they’ll be able to securely identify you from then on.

The certificate is stored in the browser itself and your browser will send it to any (SSL protected) site requesting it. The site in turn could then identify you as the owner of the private key associated with the presented certificate (provided the key wasn’t generated on a pre-patch Debian installation *sigh*).

The keypair is bound to the machine it was generated on, though it can be exported and re-imported on a different machine.
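As an added illustration (not code from the original post), the Go program below plays out the flow just described: the site's CA signs only the user's public key, and later identifies the user by checking that the presented certificate chains to that CA. The function names, the subject names and the choice of Ed25519 keys are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint signs pub into a certificate: a self-signed site CA when parent is nil,
// otherwise a user certificate restricted to TLS client authentication.
func mint(cn string, serial int64, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = t
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Identify returns the user name only if the presented certificate chains to
// this site's CA and is valid for client authentication.
func Identify(siteCA, presented *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(siteCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return "", err
	}
	return presented.Subject.CommonName, nil
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(nil) // site's signing keypair (constructed)
	userPub, _, _ := ed25519.GenerateKey(nil)   // private half never leaves the "browser"
	ca, _ := mint("site A CA", 1, caPub, nil, caKey)
	cert, _ := mint("alice", 2, userPub, ca, caKey)
	fmt.Println(Identify(ca, cert))
}
```

Chain validation alone does not prove that the presenter holds the private key; in TLS that proof comes from the client's handshake signature, which the server checks before the application ever sees the certificate.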

It solves our introductory three problems like this:

  • By presenting the certificate, the origin server can identify you. No need to enter a user name or a password.
  • By asking for a password (something you know) and comparing the SSL certificate (something you have), you get cheap and easy two-factor authentication that’s a lot more secure than asking for your mother’s maiden name.
  • If the requesting party in a three-site scenario knows your public key and uses that to request information from a requested party, you can revoke access by this key at any time without any of the parties knowing your username and password.

Looks very nice, doesn’t it?

So why isn’t it used more often (read: at all)?

This is why:

Picture underlining the

The screenshot shows what’s needed to actually have a look at the client side certificates installed in your browser, which currently is the only way of accessing them. Let’s say you want to copy a keypair from one machine to another. You’ll have to:

  1. Open the preferences (many people are afraid of even that)
  2. Select Advanced (scary)
  3. Click Encryption (encry… what?)
  4. Click “View Certificates” (what do the other buttons do? oops! Another dialog?)
  5. Select your certificate (which one?) and click “Export” (huh?)

Even generation of the key is done in-browser without feedback by the site requesting the key.

This is like basic authentication (nobody uses this one) vs. forms based authentication (which is what everybody uses): It’s non-themeable, scary, modal and complicated.

What we need for client side certificates to become useful is a way for sites to get more access to the functionality than they currently do: They need information on the key generation process. They should allow the user to export the key and to re-import it (just spawning two file dialogs should suffice – of course the key must not be transmitted to the site in the process). They need a way to list the keys installed in a browser. They need to be able to add and remove keys (on the user’s request).

In the current state, this excellent idea is rendered completely useless by the awful usability and the completely detached nature: This is a browser feature. It’s browser dependent without a way for the sites to control it – to guide users through steps.

For this to work, sites need more control.

Without giving them access to your keys.

Interesting problem. Isn’t it?

pilif.ch is back

It has been a while since I lost pilif.ch. Two years to be exact.

Fortunately, it looks like the domain grabber who took pilif.ch after that unfortunate accounting incident has since lost interest, so now pilif.ch belongs to me again. About bloody time!

Aside from the fact that my online identity has always been pilif (despite lipfi sounding much friendlier when pronounced in Swiss German), there are other reasons for me wanting the domain back:

  • it’s in my MSN-ID (passport@pilif.ch)
  • various other @pilif.ch addresses are registered at various services I’ve since forgotten the password for.
  • it was the very first domain I bought – ever.

So it’s back to the roots for me. MX, Web and DNS are already configured (the zone file is actually symlinked to lipfi.ch – I have no idea whether this is a legal thing to do, but it works).

Home – sweet home!

Broken by design

The concept sounds nice: To control all the various remote controllable devices you accumulate in your home cinema, why not just use one programmable remote? With enough intelligence, I would even be able to do much more than provide some way of switching personality.

I mean: Press one button and you have a remote for your receiver, press another and it’ll be for your media center, but losing its receiver functionality.

Why not put it in “Media Mode” where it controls the volume by sending commands the receiver understands while still providing full navigation support for your media center.

Logitech’s Harmony family promises to provide that functionality.

Unfortunately, it’s broken by design as

  • it tries to be intelligent while it is completely stupid. For example, I can add a “Music Player”-Functionality, with the intention of it sending commands to a Squeezebox, but as soon as you add a media center, it insists on using that to play music without a way to change that.
  • The web based programming interface is awful. It forces you through multi step assistants, each time reloading the (ugly) pages, asking questions which could easily be placed on one screen.
  • It only works on Mac and Windows (no Linux support)

Especially the first point rendered this interesting concept completely unusable for me.

Now, Engadget just had an article about project Concordance, a free software project that allows access to the functionality (the whole functionality) from any UNIX machine using a command line tool, while also providing a library (with Perl and Python bindings) for us to write a useful GUI for.

I can’t wait to try this out as this easily circumvents the awful UI and may actually provide me with means to make Harmony work for my setup.

Also, it’s a real shame to see a very interesting project be made completely unusable by bad UI design.