Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595)

so many protocol "standards" are fundamentally broken because the committees lack the vision to see that they cannot possibly think of all use cases. allowing people to shoot themselves in the foot with low level primitives is a good thing - as long as you advise them not to. you have now created a protocol that cannot support document signing, threshold signing, hardware-backed storage of cryptocurrency, and more. but it *could* have. it would be trivial to expose a DH operation and let people build creative things that nobody thought of. then leave it up to the next standards committee for the best practices on those use cases.

-- 
GitHub Notification of comment by earonesty
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-1406855424 using your GitHub account


Received on Friday, 27 January 2023 17:43:22 UTC