This repository was archived by the owner on Mar 4, 2025. It is now read-only.
This repository was archived by the owner on Mar 4, 2025. It is now read-only.
Let's discuss the client certificates #296
Description
The way we're doing client certificates has quite some flaws at the moment. The major ones are:
- The certificates are neither encrypted nor somehow else protected by a password. This means an attacker who gets one has immediate full access.
- There's no list of issued certificates and absolutely no way to revoke one. Also see Allow revoking of DB4S certificate(s) #122.
- They are generated on our servers when really they should be generated by the client application which then only transmits the public key for signing by our infrastructure.
Points 1 and 2 make them seem pretty insecure and problematic. Point 3 makes it harder to implement them properly because we'd have to have code in DB4S, in dio, and in Javascript for the web UI - besides basically building a full-fledged CA. And then users are still confused about certificates because they usually don't deal with them.
I definitely don't want to say client certificates for authentication are bad. But considering everything honestly wondering it it's maybe not better to implement 0Auth in dio and DB4S or just use API keys. What do you think?