Dear Anthony, Dan, and Mike,
With the release of Chrome 145 and the graduation of DBSC to stable, we are submitting an alternative architectural approach that eliminates the "Procedural Ceremony" of session management.
Our proposal, PADIT (Post-Authentication Device Identity in Transaction), moves identity assurance from the application layer to a hardware-bound mTLS connection. By utilizing the FIDO2 PRF extension or TPM keys as entropy for a TLS 1.3 External PSK handshake, we establish a deterministic state where the existence of the communication is the mathematical proof of identity.
Attached for your review:
* Formal Letter: Outlining why the transport layer is the natural home for identity.
* The PADIT Whitepaper: A deep dive into the "No-Token" transport-layer approach.
* Whitepaper: "Architecting for a Secure Internet," detailing the roadmap for DIT (Device Identity) and LIT (Live Identity).
We have simultaneously reached out to the IETF TLS Working Group regarding the transport-layer implications and request the opportunity to present this model at an upcoming WebAuthn or WebAppSec meeting.
Sincerely,
Thi Nguyen-Huu
Founder and CEO, WinMagic Corp.
Tel: +1 905.502.7000 x 3288 | Toll Free: 888.879.5879
thi.nh@winmagic.com | www.winmagic.com
WinMagic Corp. | 11-80 Galaxy Blvd.
Toronto, ON | M9W 4Y8 | Canada | www.winmagic.com