W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2021

Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595)

From: certainlyNotHeisenberg via GitHub <sysbot+gh@w3.org>
Date: Sat, 01 May 2021 02:43:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-830495343-1619837031-sysbot+gh@w3.org>
@cybercent I feel you, but I think the people who've been working so hard to develop and get adoption of the WebAuthn spec deserve a ton of credit. It's a real step forward (and hard to push through). I'm new to this community and super appreciative of all the work that's been done.

I very much agree with you though. WebAuthn doesn't meet the needs of Web3 systems. What's really needed to make Web3 take off is generic hardware backed crypto through the browser, whether using external keys like you said or internal device hardware. (I'd argue internal device hardware is actually much more important for widespread adoption.) Imagine if we had that. Any dApp would be usable natively in standard web browsers — no MetaMask or other subpar solutions required. And lay users wouldn't have to deal with complicated crypto or managing private keys. It'd all be abstracted behind simple device biometrics.

I'm not sure it's possible at this point to expand the WebAuthn spec to accommodate this more general goal, since it's so narrowly scoped. But the more general goal is so compelling and very much seems like the future. It may be simple to get there, if we can just add signing data functionality.

-- 
GitHub Notification of comment by certainlyNotHeisenberg
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-830495343 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 1 May 2021 02:43:53 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC