0

Taking the concept from the Gemini protocol that allows clients to identify themselves using their own self-signed certificate - is this a valid concept that could be used in other protocols and what is the downside?

From a client's point of view, when you come across a login prompt, you could select your certificate (from your own local store) and that then can identify you, without leaking any personal information - used purely as an identifier.

The server can store the hash of the certificate and use it for future identification.

As an added bonus responses can then be encrypted using the identifiers public key.

LittleBobTable
  • 1
  • 1
  • 1
    That's essentially FIDO2 but worse –  May 03 '22 at 11:20
  • Related: https://security.stackexchange.com/questions/251826/can-mutual-tls-work-with-a-self-signed-client-certificate and https://security.stackexchange.com/questions/258592/authorising-client-mtls-based-on-distinguished-name – mti2935 May 03 '22 at 14:35
  • Does this answer your question? [Can mutual TLS work with a self-signed client certificate?](https://security.stackexchange.com/questions/251826/can-mutual-tls-work-with-a-self-signed-client-certificate) – mentallurg May 03 '22 at 17:16

0 Answers0