X.509 Interop
Mark Sirota
msirota at isc.upenn.edu
Thu Nov 17 12:56:43 EST 2005
--On November 17, 2005 11:05:31 AM -0600 "Douglas E. Engert"
<deengert at anl.gov> wrote:
> There is browser support! Along with the UMich Kx509 that works with
> the IE there is the kpkcs11 for all the others browsers. This implements
> a PKCS11 Security device plugin, and it works on Unix or Windows with
> Netscape, Mozilla or any other browser that can use smatcards
> via a PKCS11 plugin. It should also work on a Mac too.
Might be worth looking into again. Our last investigation (probably two
years ago) showed that while IE pretended to support this, it did goofy
things -- if the server advertised the capability, the browser would ask
the user which certificate to present, even if the user had zero
certificates
in their cache. Support for this would have been nightmarish. Safari
worked, kinda, but required some goofy hackery. I don't remember the rest
off the top of my head.
Mark
More information about the Kerberos
mailing list