I cannot articulate how much I love this. Passwords are always the main failure points in applications and I’m always looking for a way to use asymmetric and simple solutions, to which the web has proven itself incapable. Managing client certificates in browsers has always been a bloody nightmare and always ends up in failure in my experience, which leaves you with very few options for proper key based authentication. Sure it doesn’t fix the client-to-server authenticated communication problem, but it does allow that initial connection auth. You know something is clever when you have to say to yourself “This is so obvious, how did I never think of this?”
Managing client certificates in browsers has always been a bloody nightmare and always ends up in failure in my experience
How much of this is due to it being inherently difficult vs browser vendors just doing an absolutely shit job at implementing it though?
It is most definitely both in my opinion, with more blame going towards the browsers. I think that it is inherently difficult because the “industry” has decided on X.509 and all of it’s baggage, which introduces so many difficulties into web services trying to reliably using client certificates. For example, you don’t need a proper CA authority for mutually authenticating a client cert, but the server somehow has to deal with look ups and authentication which can get messy. Then the browser vendors seem to be caught in the early 90s and never seemed to agree on how to unify client certificate interfaces and make it atrociously different per browser.
I just realized that the author was kind enough to bring the demo back up temporarily because of Lobste.rs!
(update: the demo is back online for a little while, just for you lobsters)
This is an interesting feeling. Has Lobste.rs hit critical mass and achieved a minor slashdot/HN effect?
@admins: Do we know how much traffic we actually sent their way via unique click-throughs? Would be nice to know if it’s okay to share it :)
I’m curious, too, if it’s because the author was a Lobste.rs reader following the front page or a lot of traffic. It’s the first time I’ve seen a site do something for Lobste.rs since I’ve been on here. One that wasn’t created by a member for the members or something like that.