Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595)

@serianox Yes, I totally agree and know what you're getting at. But I didn't mean that a single key would be used for multiple functions. Each key could be used for only a single function, and the algorithm could be chosen specifically for that function. 

So, for example, one key could be used for authentication à la WebAuthn, and a separate one could be used for signing data. Maybe these two keys could be directly connected somehow, but they'd be at least indirectly connected by virtue of being stored in the secure hardware of the same device, only accessible to a user passing through the platform authenticator of that device (e.g. Face ID on an iPhone).

The goal I have in mind is enabling the same sort of hardware-backed crypto for web apps that mobile apps already have. And that seems very doable if web apps have similar access through the browser that mobile apps have through the OS. It just hasn't been done yet.

Thanks for linking to this — I hadn't come across this one. Too bad that it went dormant!

-- 
GitHub Notification of comment by certainlyNotHeisenberg
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-820696614 using your GitHub account

Received on Thursday, 15 April 2021 20:02:26 UTC