Author: Melvin Carvalho 2013-11-02 13:16:12
Published on: 2013-11-02T13:16:12+00:00
In an email thread from November 2, 2013, Mike Hearn discussed the use of client certificates for authentication. He acknowledged that while browser manufacturers have not optimized the user experience for this method, it is still possible and cited a Mozilla Labs project as an example. However, he noted that more popular options like OAuth or Persona operate on a trusted third party model, which creates a conflict of interest since browser manufacturers are often identity providers. Hearn expressed his preference for controlling his own identity with Public Key Infrastructure (PKI), but acknowledged that major players like Facebook and webmail providers dominate the market. The email thread also included a link to a white paper on secure code signing practices for Android apps.
Updated on: 2023-06-07T18:53:29.172336+00:00