From 0975243825d47f70414f2e3b690d9bcee1d26a7b Mon Sep 17 00:00:00 2001 From: Evan Broder Date: Sun, 16 Aug 2009 00:34:50 -0400 Subject: [PATCH] --- projects/ideas.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/projects/ideas.mdwn b/projects/ideas.mdwn index 117c242..4621717 100644 --- a/projects/ideas.mdwn +++ b/projects/ideas.mdwn @@ -76,6 +76,16 @@ This would be immensely more useful as an iPhone application. _Contact: ccpost_ +## Safari plugin for setting identity preferences + +Safari's handling of client-side certificate authentication [changed around OS X 10.5.3](http://support.apple.com/kb/HT1679), such that Safari won't present (and won't prompt you to present) a client-side certificate if certs are only optional. Unfortunately, most sites around MIT only optionally accept certs, in spite of the fact that they'll error out if you don't provide one. + +You can override this unfortunate behavior with "Identity Preferences", and IS&T's answer for this is [CertAid](http://ist.mit.edu/services/software/certaid/10x), which simply seeds the Keychain with a pre-defined list of websites for which Safari should present your cert. This isn't a great solution for, e.g., scripts.mit.edu, which has thousands of sites - far too many to give to IS&T to include in CertAid. If that wasn't irritating enough, Identity Preferences don't take affect until you restart your browser. + +A better solution would be a plugin for Safari that intercepted 401 errors sent over SSL, prompted you to set an Identity Preference, and then attempted to reload the page with the new identity preference set. + +_Contact: broder_ + ## Snapshotted virtual machines for all popular Linux distributions A common need for people writing Linux software is to check that their -- 2.44.0