Hi,
I think we should take care to better inform users about the privacy issues of
certificates used inside of their browsers.
If the browser is not specifically configured to only provide the certificate
to specific sites (and I don't even know whether this configuration
possibility exists for all browsers), the certificate is sent to every web
server that uses HTTPS for some of its contents. Your certificate can contain
a lot of information, including your name and very often also the email
address.
So, I think we should take care to inform the users to limit the sending of
the certificate to the relevant servers. Sometimes it's also useful to
configure use of particular certificates with certain servers, if you have
multiple certificates.
Cheers,
Derek
--
Dr. Derek Feichtinger Tel: +41 56 310 47 33
AIT Group email: [log in to unmask]
PSI
CH-5232 Villigen PSI
|