Posted by Tony Arcieri on Apr 15

On Sat, Apr 9, 2016 at 2:34 AM, Árpád Magosányi <mag () magwas rulez org>
wrote:

Using X.509 client certificates with browsers has a *huge* problem: they
don’t follow the same-origin policy, and <keygen> was not designed for this
in mind. Without following SOP, browsers wind up doing a terrible thing:
prompting the user to select which TLS client cert/key to use with a
particular web site. This is bad for both UX and…