Re: webauthn post on NANOG from Christiaan Brand on 2019-03-25 (public-webauthn@w3.org from March 2019)

From: Christiaan Brand <cbrand@google.com>
Date: Mon, 25 Mar 2019 08:46:46 -0700
To: Samuel Weiler <weiler@w3.org>
Cc: Anthony Nadalin <tonynad@microsoft.com>, W3C Web Authn WG <public-webauthn@w3.org>
Message-ID: <CAE1XR1mLhzdBzvJ+PHeKrn__sA_A-vbn4fhrcH4sYeofe_VRdg@mail.gmail.com>

> But we don't want to discourage,
oh say, Epicurious to implement webauthn to get to my super-secret recipe
box
because they don't think people will buy id dongles.

I think the point is being missed here. The presence of hardware in
webauthn/fido is not because we think it’s necessarily better than
software. It’s because it’s removable and can travel with you to new
devices. That’s much harder to do with on-device software solutions without
resorting to some sort of syncing, which in many cases relegates your 2fa
solution to 1fa again.

Feel free to send this on to the OP.

/christiaan

On Mon, Mar 25, 2019 at 08:37 Samuel Weiler <weiler@w3.org> wrote:

> On Mon, 25 Mar 2019, Anthony Nadalin wrote:
>
> > Just wondering what you want us to do here as there is no real
> > information in this this message relative to WebAuthn
>
> I wanted members of the WG to be aware of it in case the discussion
> ran off somewhere - some of you might have wanted to weigh in.  Given
> that the thread died on the vine, there is no immediate action item.
>
> Emil pointed out the already-open related issue.
>
> -- Sam
>
>
>
>

Received on Monday, 25 March 2019 15:47:20 UTC