Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595)

> From a security perspective, there are very compelling reasons to open up secure device hardware to web apps. ... "Use of cryptography in web apps has been hindered by the problem of where to store cryptographic keys."

Yes, this is a long-recognized but apparently really-tough-to-address problem.  The more general [Web Crypto API](https://www.w3.org/TR/WebCryptoAPI/) is likely what you want for your use cases, rather than WebAuthn, although layering WebCrypto on top of hardware-based crypto+storage facilities is presently not standardized.  

FYI/FWIW, there is an existing, relevant, _tho apparently dormant_, [Hardware-backed Security Services Community Group](https://www.w3.org/community/hb-secure-services/), whose unfinished draft report takes a stab at a WebCrypto-linked [Secure Credential Storage API](https://rawgit.com/w3c/websec/gh-pages/hbss.html#concept-throw:~:text=Secure%20Credential%20Storage%20API,-This).  


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-816970977 using your GitHub account



Received on Friday, 9 April 2021 21:04:37 UTC