[whatwg] whatwg Digest, Vol 82, Issue 10
Kornel Lesiński
kornel at geekhood.net
Fri Jan 7 05:49:28 PST 2011
On Fri, 07 Jan 2011 11:11:55 -0000, Glenn Maynard <glenn at zewt.org> wrote:
> I gave it a try earlier, since it was mentioned. It created my
> account, rejected my CSR, and I got a message saying that I somehow
> failed to create a login certificate, that I'd no longer be able to
> log in, and according to the FAQ the only way to continue would be to
> create a whole new account on a different email address and to ask
> them to manually merge the accounts. That's broken in countless ways;
> no CA should have such a brittle, half-baked account system.
StartSSL uses client certificates to log in, which theoretically is a
great idea, as account access (thus security of all its certificates)
relies on strong cryptography, rather than some custom password-based
mechanism.
In practice it's not so great, but maybe it's not StartSSL's fault, but
due to complexity of certificates, inflexibility of <keygen> and very
rough implementations of it.
--
regards, Kornel Lesiński
More information about the whatwg
mailing list