~pabs

Recent activity

Re: Can we talk about client-side certificates? 3 months ago

From Paul Wise to ~sircmpwn/public-inbox

On Fri, 2020-06-12 at 21:24 -0400, Drew DeVault wrote:

> The issues you mention don't affect the use-case I described, though.
> The end-user would never be expected to handle the certificates, just
> the service provider and the API client.

Sure, I wanted to answer the general question of why they are an unused
technology that thus is likely to bitrot and disappear.

-- 
bye,
pabs

https://bonedaddy.net/pabs3/

Re: Can we talk about client-side certificates? 3 months ago

From Paul Wise to ~sircmpwn/public-inbox

The issue with client-side certificates is entirely the fault of the
browser vendors. The user interface for browser-native authentication
methods in general is terrible (modal dialogs in Firefox). The user
interface for expired client certs is exactly the same as for expired
server certs, so there is a large user support burden just from yearly
expiring client certs. The W3C and browser vendors also dropped support
for the <keygen> tag so users have to drop to the command-line to
create new keys, which basically no-one except technical users can do.
Also, since it removes control of the authentication flow from web
designers, web developers and puts it in the hands of the web server
and sysadmin, it is probably unpopular with the folks who control
websites since users get subjected to substandard login UX. The new
WebAuthn standard (that only works with JS IIRC) replaces client certs
for the browser vendors, so it is likely client certs will be

[PATCH todo.sr.ht 2/2] Contract the email signatures into one line 1 year, 2 months ago

From Paul Wise to ~sircmpwn/sr.ht-dev

A shorter email signature wastes less space in email viewers.
---
 todosrht/emails/new_ticket      | 5 +----
 todosrht/emails/ticket_assigned | 5 +----
 todosrht/emails/ticket_comment  | 5 +----
 todosrht/emails/ticket_mention  | 5 +----
 4 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/todosrht/emails/new_ticket b/todosrht/emails/new_ticket
index a9de111..d029b86 100644
--- a/todosrht/emails/new_ticket
+++ b/todosrht/emails/new_ticket
@@ -2,7 +2,4 @@
{{ticket.description}}
[message trimmed]

[PATCH todo.sr.ht 1/2] Use "-- " for the email signature separator 1 year, 2 months ago

From Paul Wise to ~sircmpwn/sr.ht-dev

This is the separator specified in RFC 3676 item 4.3.

See-also: https://www.ietf.org/rfc/rfc3676.txt
See-also: https://en.wikipedia.org/wiki/Signature_block
---
 todosrht/emails/new_ticket      | 2 +-
 todosrht/emails/ticket_assigned | 2 +-
 todosrht/emails/ticket_comment  | 2 +-
 todosrht/emails/ticket_mention  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/todosrht/emails/new_ticket b/todosrht/emails/new_ticket
index 88720b1..a9de111 100644
--- a/todosrht/emails/new_ticket
[message trimmed]