W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

Re: [webauthn] None hardware/device option - as for ssl client certificates (#1027)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Mar 2019 21:36:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-470704292-1551994583-sysbot+gh@w3.org>
No, I don't think it's likely that SSL/TLS certificates will ever be usable as WebAuthn credentials. My reasoning for this is that a certificate is a stable global identity that is correlatable between RPs, while a WebAuthn credential is bound to a particular RP and not correlatable.

That said, WebAuthn as a protocol is compatible with pure-software authenticators, but there currently is no standardised API for implementing them. You're welcome to open a new issue requesting standardising support for software authenticators, but of course I can't promise the browsers will be willing to implement it.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1027#issuecomment-470704292 using your GitHub account
Received on Thursday, 7 March 2019 21:36:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:02 UTC