[webauthn] Can the private keys be used for other cryptographic operations? (#1595)

certainlyNotHeisenberg has just created a new issue for https://github.com/w3c/webauthn:

== Can the private keys be used for other cryptographic operations? ==
For example, can they be used to sign and encrypt data the client passes?

This goes beyond authentication, so it may be fair to consider it out of scope, given that "authn" is in the spec name! But I think being able to use the private keys more generally would open up very compelling functionality. For example, a web app could act like a mobile app in the sense that it could leverage device biometrics and secure mobile hardware to create, store, and use private keys.

This would be a major advance, since currently many uses of public key crypto that are theoretically compelling are practically infeasible because they require businesses to make users install mobile apps. Web apps are so much more usable because they don't need to be installed.

I looked all over the place to try to sort this out and didn't find anything, but maybe I'm just missing it. I thought maybe the WebAuthn extensions could fit this scenario? But I'm really not sure. There are many subtleties, like some key types not being suitable for encryption, etc.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 8 April 2021 20:38:53 UTC