Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595) from Thomas Duboucher via GitHub on 2021-04-15 (public-webauthn@w3.org from April 2021)

From: Thomas Duboucher via GitHub <sysbot+gh@w3.org>
Date: Thu, 15 Apr 2021 19:50:50 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-820690452-1618516249-sysbot+gh@w3.org>

@certainlyNotHeisenberg Allowing a cryptographic key for several use/algorithms is a _bad idea_™ and has led to various _catastrophic failures_™ through unexpected protocol/algorithms interactions. As an example, this is why in both PGP and X.509 certification, signature, and authentication are three separate usages for keys.

In addition to all the specifications previously mentioned, there's also [Web API For Accessing Secure Element](https://globalplatform.github.io/WebApis-for-SE/doc/) that was intended for your use case, but ultimately wasn't kept by w3c due to the lack of interest at the time.

-- 
GitHub Notification of comment by serianox
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-820690452 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 15 April 2021 19:50:52 UTC