tags: certificate




Green Advantage

Today's environmentally conscious client prefers structures that are: energy and water efficient, durable and disaster resistant, healthier and environmentally friendly. Green Advantage® certifies your knowledge of the latest in "green" building practices, technologies and techniques. Get registered today. Certified practitioners are included in our Online Directory.

url: http://www.greenadvantage.org/


Client Certificate Verification

So someone around here is too lazy to pick up his/her cookie before leaving a comment on my site. They clear their cookies monthly. I don't want to have just a form where you put your name, email address, and website, because that could allow someone to impersonate another person. And I'd like to avoid forcing readers to have another password. So.

The solution presented itself while discussing the issue with Laura. Take advantage of SSL. Normally when you visit a commercial web site to make a purchase, you verify that you are really talking to that company, because they provide a certificate, and this cert is signed by a well known certificate (like Verisign) and your browser already trusts that cert.

But SSL is a two-way authentication system. What I propose is the converse. When a reader wants to leave a comment on my site, they may provide their cert. If it's signed by a well known cert, great; if not then I'll need to verify it (its fingerprint at least) somehow. This is a one-time event.

When they come to the site with a cert that I eventually trust, I'll just let them post the comment. There's no need for a password. I may not even need to ask for their username.

I think it's about time my so-called "security conscious" friends and I deploy such a system. Hehe, but does their canned blogging software have this ability?

What if my to-be commentators don't have certificates? Well then it's back to tokens over email, passwords, or posting anonymously.
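
The acceptance flow described in this post, sketched as an added example (not the author's code or any blogging package's). `CommenterRegistry`, `decide` and `approve` are hypothetical names, and the byte strings are constructed stand-ins for DER-encoded certificates. It assumes the TLS layer has already completed the client-certificate handshake, since that handshake, not the public fingerprint, is what proves the visitor holds the private key.

```python
import hashlib

# Constructed stand-ins for the DER bytes a TLS terminator would hand over.
ALICE_DER = b"constructed stand-in: alice self-signed cert"
BOB_DER = b"constructed stand-in: bob CA-issued cert"
MALLORY_DER = b"constructed stand-in: mallory self-signed cert"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate bytes, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


class CommenterRegistry:
    """Fingerprint-pinned commenter identities (hypothetical in-memory store)."""

    def __init__(self):
        self.trusted = {}  # fingerprint -> name comments are posted under
        self.pending = {}  # fingerprint -> claimed name, not yet verified

    def decide(self, der_cert, ca_verified, subject_name):
        """Return (action, name) for one comment attempt.

        ca_verified is the TLS layer's verdict on whether the chain ends at
        a well-known CA; this function never re-derives it.
        """
        if der_cert is None:
            return ("fallback", None)  # email token, password or anonymous
        fp = fingerprint(der_cert)
        if fp in self.trusted:
            # The pinned name wins over whatever the request claims now.
            return ("post", self.trusted[fp])
        if ca_verified:
            self.trusted[fp] = subject_name
            return ("post", subject_name)
        # Unknown self-signed cert: hold until the fingerprint is confirmed.
        self.pending[fp] = subject_name
        return ("hold", None)

    def approve(self, read_back: str) -> bool:
        """One-time step: the owner enters the fingerprint the commenter
        confirmed out of band (colons and upper case are accepted)."""
        fp = read_back.replace(":", "").lower()
        if fp not in self.pending:
            return False
        self.trusted[fp] = self.pending.pop(fp)
        return True
```

Holding an unknown certificate rather than trusting it on first sight is what keeps a second self-signed certificate carrying the same name from being accepted as the first person.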