Re: [webauthn] Add a way to use webauthn without Javascript (#1255) from Rolf Lindemann via GitHub on 2025-01-23 (public-webauthn@w3.org from January 2025)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Thu, 23 Jan 2025 07:20:59 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2609036108-1737616857-sysbot+gh@w3.org>

Researchers have experimentally aded FIDO support to TLS as an alternative client authentication method. For example, see https://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2021-02/SAR-PR-2021-02_.pdf.

Obviously that would require the TLS server to support FIDO and the TLS client (i.e. Browser) to do so as well.
This approach addresses the channel binding aspect as well as the inconsequential nature of the token binding approach (see https://github.com/w3c/webauthn/pull/2239#issuecomment-2607222212).

Would that address the concerns of using JavaScript?

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-2609036108 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 23 January 2025 07:21:00 UTC