- From: Markus Schräder via GitHub <sysbot+gh@w3.org>
- Date: Wed, 08 Aug 2018 12:27:51 +0000
- To: public-webauthn@w3.org
pRiVi has just created a new issue for https://github.com/w3c/webauthn: == None hardware option - as for ssl client certificates == We are currently securing websites via client certificates; without any hardware at all. We are very comfortable and satisfied with this solution, but get problems on the currently browser vendors by removing <keygen> and other client ssl certification-features without replacement. Some told us the replacement should be webauthn - but the currently implementations forces the existance of hardware, which is just inaceptable for our solutions and is just not a replacement for the currently possibilities of client certificates without hardware binding. We just donnot want hardware binding at all, and request the possibility to specify in the generation of a public key that - no hardware(-token) should be used and optional - the user should not be questioned about a hardware token Did I just miss something in the docs, or is there no option mentioned to be able to just skip a hardware binding at all? If not: Could you please allow this to be integrated, so you have a real replacement for <keygen> and client certificates? Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1027 using your GitHub account
Received on Wednesday, 8 August 2018 12:27:54 UTC